10

We have an application that is developed using the MEAN stack, and we are planning to use Azure AD for authentication.

Client Side
In Angular, the client-side resources are protected using the ADAL JS library, based on the article here.

Server Side Node Web API
To protect the server-side web API, I was following the article here, which uses the passport-azure-ad node module. However, on the passportjs web site I came across one more node module, passport-azure-ad-oauth2.

So the question is: what's the difference between passport-azure-ad and passport-azure-ad-oauth2?

LP13
  • The article you reference is horribly incomplete. "Create a key and copy it somewhere, we will use it later.." and then they never do. – Tony Gutierrez Jun 15 '17 at 16:11

1 Answer

23

I'm the maintainer of passport-azure-ad. Passport-azure-ad comes from Microsoft and was built to support not just OAuth2 but also scenarios in preview such as B2C and B2B and soon our converged endpoint that we announced at BUILD 2016.

passport-azure-ad-oauth2 is from the Auth0 team, not affiliated with Microsoft, but they are a perfectly good team with good documentation as well. I don't know their level of support for the other scenarios above.

Azure Active Directory is an open platform and strives to use open standards like OAuth2 and OpenID Connect so that developers have this kind of choice.

So, you are free to use whatever library you'd like, but of course from my perspective I'd advocate using the Microsoft OSS libraries on GitHub where they exist, like passport-azure-ad.

Does that help? Feel free to let me know if you run into any problems with passport-azure-ad if you continue down that route.

Brandon Werner
  • Thanks!! That really helped – LP13 Apr 14 '16 at 19:50
  • Will it work with Express? The article I was following is using Restify – LP13 Apr 14 '16 at 19:57
  • Yes. Restify borrows from Express and is used to expose APIs so I'd really recommend that if you are building a REST API using OAuth, but if you are looking for routes, etc. for login interactively try this sample: https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect – Brandon Werner Apr 14 '16 at 20:19
  • Thanks again. One last question. Our application has an Angular UI + Node Web APIs. We don't want an unauthenticated user to directly call the API. I am assuming "passport-azure-ad" WILL NOT protect any server-side API. I was following this article, I think written by you :), to protect the server-side API: https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-webapi-nodejs/ – LP13 Apr 14 '16 at 20:33
  • Sure it will! You just invoke a passport plug-in on the URL you want to protect. You basically let it know what endpoints you want to protect and it will always either ask for a token or return an error. This is actually a feature of passport.js the library, not my plug-in :-) So instead of `server.get('/tasks/:owner', getTask);`, which will let anyone in, you add an additional param (the passport plugin) to lock it down: `server.get('/tasks/:owner', passport.authenticate('oauth-bearer', { session: false }), getTask);` – Brandon Werner Apr 14 '16 at 22:30
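
The route-locking pattern from the last comment, as an added example that is not part of the original thread and not passport-azure-ad's own code: a hand-written middleware stands in for `passport.authenticate('oauth-bearer', ...)` to show what sitting in front of a handler means (signature, issuer, audience and expiry are checked before `getTask` runs). The names `requireBearer`, `mintToken` and `dispatch`, the issuer and audience values, and the locally generated key pair are assumptions made so the example runs offline; `res.send(code, body)` follows the Restify style used in the article.

```javascript
// Added example: stand-in for the per-request checks a bearer strategy performs.
const crypto = require('crypto');

// Constructed material: throwaway RSA key pair in place of the tenant's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { iss: 'https://issuer.example/tenant', aud: 'api://tasks-api' }; // placeholders
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Issues a constructed RS256 token, only so the example has something to validate.
function mintToken(claims, key = privateKey) {
  const body = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(body), key).toString('base64url');
  return `${body}.${sig}`;
}

// Hypothetical middleware with the (req, res, next) shape; rejects before the handler runs.
function requireBearer(req, res, next) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(req.headers.authorization || '');
  if (!m) return res.send(401, 'missing or malformed bearer token');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(m[1], 'base64url'));
    claims = JSON.parse(Buffer.from(m[2], 'base64url'));
  } catch { return res.send(401, 'undecodable token'); }
  if (header.alg !== 'RS256') return res.send(401, 'unexpected alg'); // pin the algorithm
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${m[1]}.${m[2]}`),
    publicKey, Buffer.from(m[3], 'base64url'));
  if (!ok) return res.send(401, 'bad signature');
  if (claims.iss !== EXPECTED.iss || claims.aud !== EXPECTED.aud)
    return res.send(401, 'wrong issuer or audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now())
    return res.send(401, 'expired');
  req.user = claims; // only verified claims reach the handler
  next();
}

// Runs a handler chain the way a router does: a step runs only if the previous one called next().
function dispatch(chain, authorization) {
  const req = { headers: authorization ? { authorization } : {} };
  const out = { status: null, body: null };
  const res = { send: (status, body) => { out.status = status; out.body = body; } };
  const step = (i) => chain[i] && chain[i](req, res, () => step(i + 1));
  step(0);
  return out;
}

// Handler from the thread's route; with no middleware in front it answers anyone.
const getTask = (req, res) => res.send(200, { owner: req.user ? req.user.sub : 'anyone' });
```

`dispatch([getTask])` answers any caller, while `dispatch([requireBearer, getTask], header)` reaches the handler only with a token that passes every check.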