I am using the https://github.com/AzureAD/passport-azure-ad plugin to work with the Azure AD Graph API.
Dependency in my package.json
"passport-azure-ad": "^3.0.12"
I have refered samle provided here: https://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS
I am able to do auth & get access_token & refresh_token. But the last argument done is giving an error as
TypeError: done is not a function
My code is written using Typescript my strategy code:
passport.use( new OIDCStrategy( {
identityMetadata: "https://login.microsoftonline.com/" + tenantName + "/v2.0/.well-known/openid-configuration",
clientID: clientID,
responseType: app_properties.responseType,
responseMode: app_properties.responseMode,
redirectUrl: app_properties.redirectUrl,
allowHttpForRedirectUrl: app_properties.allowHttpForRedirectUrl,
clientSecret: clientSecret,
validateIssuer: app_properties.validateIssuer,
isB2C: app_properties.isB2C,
issuer: app_properties.issuer,
passReqToCallback: app_properties.passReqToCallback,
scope: app_properties.scope,
loggingLevel: app_properties.loggingLevel,
nonceLifetime: app_properties.nonceLifetime,
nonceMaxAmount: app_properties.nonceMaxAmount,
useCookieInsteadOfSession: app_properties.useCookieInsteadOfSession,
cookieEncryptionKeys: app_properties.cookieEncryptionKeys,
clockSkew: app_properties.clockSkew
},
function ( iss: any, sub: any, profile: any, accessToken: any, refreshToken: any, done: any ) {
if ( iss ) {
console.log( 'iss' + JSON.stringify( iss ) );
}
if ( sub ) {
console.log( 'sub' + JSON.stringify( sub ) );
}
if ( accessToken ) {
console.log( 'Received accessToken ' + accessToken );
}
if ( refreshToken ) {
console.log( 'Received refreshToken ' + refreshToken );
}
if ( !profile.oid ) {
console.log( 'Received accessToken ' + accessToken );
return done( new Error( "No oid found" ), null );
}
if ( profile ) {
console.log( 'profile' + JSON.stringify( profile ) );
}
return done(null, profile);
} ) );
Also, the custom state parameter does not retain state string, As per documentation
customState: if you want to use a custom state value instead of a randomly generated one
Why done is not working? Also, how can I maintain state?
Below is redirection URL invocation endpoint function in my app server
export function authAzureAd( req: Request, res: Response, next: any ) {
passport.authenticate( 'azuread-openidconnect' , function ( err: any, user: any, info: any ) {
if ( err ) {
return next( err );
}
if ( !user ) {
return res.send( { success: false, message: 'authentication failed' } );
}
console.info( 'user: ' + JSON.stringify( user ) );
return res.send( { success: true, message: 'authentication succeeded' } );
} )( req, res, next );
} catch ( err ) {
console.info( err );
res.status( 500 ).send( { message: err.message } );
}
}
Auth Callback POST API endpoint function call as follows:
export function authCallback(req: Request, res: Response, next: any) {
console.info('In the AzureAD callback, next = '+next);
if (next == null) { // If we want something else to happen here, we can do it
next = () => {};
}
try {
passport.authenticate('azuread-openidconnect', { failureRedirect: '/login', customState: 'my_state', successRedirect: '/dashboard' })(req, res, next)
} catch (err) {
console.info(err);
res.status(500).send({ message: err.message });
}
}
Update
1] About TypeError: done is not a function I updated the package.json to have dependency as "passport-azure-ad": "4.0.0" instead of "passport-azure-ad": "^3.0.12" then done started working with process.nextTick() as defined in sample verify callback in the documentation.
2] About customState I get the state param in the req.body.state not in req.query.state. See this question. The reason for this the auth callback by azure-ad happens to be HTTP POST not HTTP GET like in other OAuth flows. Hence the state is part of the body.
