Support for Azure AD authentication #53
Comments
|
@kamilmysliwiec looks like because of this block and they way NestJS Passport wrapper works passport-azure-ad cannot populate proper arguments to the "verify" (aka "validate") method. Because "arity" or number of verify function arguments will be calculated as 0 :( in here: https://github.com/AzureAD/passport-azure-ad/blob/96c7a193737f03a270b4eb0d99ce2d59256da9a9/lib/oidcstrategy.js#L109 import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { OIDCStrategy } from 'passport-azure-ad';
import { configService } from '../config/config.service';
import { ProfileProvider } from '../user/user.types';
import { AuthService } from './auth.service';
@Injectable()
export class AzureAdStrategy extends PassportStrategy(
OIDCStrategy,
'azure-ad',
) {
constructor(private readonly authService: AuthService) {
super(configService.getAzureAdConfig());
}
async validate(iss, sub, profile, accessToken, refreshToken, done: Function) {
try {
const jwt: string = await this.authService.handleOAuthLogin(
accessToken,
refreshToken,
profile.id,
ProfileProvider.AZURE_AD,
);
done(null, {
jwt,
});
} catch (err) {
console.log('Azure AD Strategy failure', err);
done(err, false);
}
}
}Using above class first argument is either request (if passReqToCallback: true) or profile object and last argument is "done" function. Not "profile" nor "request" contain the accessToken or refreshToken 🤔 Is it possible to work-around this somehow? Like directly registering Azure-AD with passport as a quick fix for now? |
|
@aramalipoor In case you're still stuck around this, I'm following a solution where you can hack a custom callback function based on this issue: |
|
Thanks @llhupp, I ended up directly providing the callback function instead of using NestJs strategy: import passport from 'passport';
import { Injectable, OnModuleInit } from '@nestjs/common';
import { OIDCStrategy } from 'passport-azure-ad';
import { configService } from '../config/config.service';
import { ProfileProvider } from '../user/user.types';
import { AuthService } from './auth.service';
@Injectable()
export class AzureadStrategy extends OIDCStrategy implements OnModuleInit {
onModuleInit() {
passport.use('azuread', this);
}
constructor(private readonly authService: AuthService) {
super(
configService.getAzureadConfig(),
(iss, sub, profile, accessToken, refreshToken, done) => {
try {
return this.authService
.handleOAuthLogin(
accessToken,
refreshToken,
profile.oid,
ProfileProvider.AZUREAD,
)
.then(jwt => {
done(null, {
jwt,
});
})
.catch(err => {
console.log('Azure AD Strategy failure 1', err);
done(err, false);
});
} catch (err) {
console.log('Azure AD Strategy failure 2', err);
done(err, false);
return err;
}
},
);
}
} |
|
FYI, I made a proposal to passport-azure-ad to explicitly set the verify callback signature. With that PR, setting @Injectable()
export class AzureAdStrategy extends PassportStrategy(OIDCStrategy) {
constructor (private readonly moduleRef: ModuleRef) {
super({
...
passReqToCallback: true,
verifyArity: 8,
})
}
async validate (
request, iss, sub, profile, jwtClaims, access_token, refresh_token, params
): Promise<RequestUser | null> {
...
}
} |
I'm submitting a...
Current behavior
Expected behavior
Validate jwt token using Azure AD.
Minimal reproduction of the problem with instructions
What is the motivation / use case for changing the behavior?
Environment
The text was updated successfully, but these errors were encountered: