|
8 | 8 | 1. [Registration](#registration) |
9 | 9 | 1. [Running the sample](#running-the-sample) |
10 | 10 | 1. [Explore the sample](#explore-the-sample) |
11 | | - 1. [About the code](#about-the-code) |
12 | 11 | 1. [More information](#more-information) |
13 | 12 | 1. [Community Help and Support](#community-help-and-support) |
14 | 13 | 1. [Contributing](#contributing) |
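Review bot: Dropping the `[About the code](#about-the-code)` entry from the table of contents is only safe if nothing else still targets that anchor. It matches the section removal later in this commit, but please search the rest of the README and any sibling docs for `#about-the-code` links and update or remove them in the same change so readers do not land on a dead fragment.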
@@ -158,99 +157,6 @@ Locate the root of the sample folder. Then: |
158 | 157 |
|
159 | 158 | Were we successful in addressing your learning objective? Consider taking a moment to [share your experience with us](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR73pcsbpbxNJuZCMKN0lURpUQkRCSVdRSk8wUjdZSkg2NEZGOFFaTkxQVyQlQCN0PWcu). |
160 | 159 |
|
161 | | -## About the code |
162 | | - |
163 | | -### Initialization |
164 | | - |
165 | | -In [app.js](./App/app.js), we initialize the [WebAppAuthProvider]() class. Once initialized, **WebAppAuthProvider** exposes the [authenticate()]() middleware, which sets the default routes for handling redirect response from Azure AD and etc. |
166 | | - |
167 | | -```javascript |
168 | | - const { WebAppAuthProvider } = require('msal-node-wrapper'); |
169 | | - |
170 | | - const authConfig = require('./authConfig.js'); |
171 | | - |
172 | | - const SERVER_PORT = process.env.PORT || 4000; |
173 | | - |
174 | | - // initialize express |
175 | | - const app = express(); |
176 | | - |
177 | | - // ... |
178 | | - |
179 | | - // instantiate the wrapper |
180 | | - const authProvider = await WebAppAuthProvider.initialize(authConfig); |
181 | | - |
182 | | - // initialize the auth middleware |
183 | | - app.use(authProvider.authenticate()); |
184 | | - |
185 | | - // ... |
186 | | - |
187 | | - app.listen(SERVER_PORT, () => console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`)); |
188 | | -``` |
189 | | - |
190 | | -The `authProvider` object exposes several middleware that you can use in your routes for authN/authZ tasks: |
191 | | - |
192 | | -```javascript |
193 | | - // authentication routes |
194 | | - app.get( |
195 | | - '/signin', |
196 | | - (req, res, next) => { |
197 | | - return req.authContext.login({ |
198 | | - postLoginRedirectUri: "/", // redirect here after login |
199 | | - })(req, res, next); |
200 | | - } |
201 | | - ); |
202 | | - |
203 | | - app.get( |
204 | | - '/signout', |
205 | | - (req, res, next) => { |
206 | | - return req.authContext.logout({ |
207 | | - postLogoutRedirectUri: "/", // redirect here after logout |
208 | | - })(req, res, next); |
209 | | - } |
210 | | - ); |
211 | | - |
212 | | - // secure routes |
213 | | - app.get('/id', |
214 | | - authProvider.guard({ |
215 | | - forceLogin: true // force user to login if not authenticated |
216 | | - }), |
217 | | - mainController.getIdPage |
218 | | - ); |
219 | | - |
220 | | - /** |
221 | | - * This error handler is needed to catch interaction_required errors thrown by MSAL. |
222 | | - * Make sure to add it to your middleware chain after all your routers, but before any other |
223 | | - * error handlers. |
224 | | - */ |
225 | | - app.use(authProvider.interactionErrorHandler()); |
226 | | -``` |
227 | | - |
228 | | -Under the hood, the wrapper creates an **MSAL Node** [configuration object](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/configuration.md) and instantiates the MSAL Node [ConfidentialClientApplication](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/src/client/ConfidentialClientApplication.ts) class by passing it. |
229 | | - |
230 | | -### Sign-in |
231 | | - |
232 | | -The user clicks on the **sign-in** button and navigates to `/signin` route. From there, the [login()]() middleware takes over. It creates and encodes a state object to pass with an authorization code request. The login middleware takes several optional configuration parameters. |
233 | | - |
234 | | -### Secure routes |
235 | | - |
236 | | -Simply add the [guard()]() middleware to your route, before the controller that displays the page you want to be secure. This would require any user to be authenticated to access this route: |
237 | | - |
238 | | -```javascript |
239 | | -// secure routes |
240 | | -app.get('/id', |
241 | | - msid.isAuthenticated(), |
242 | | - mainController.getIdPage |
243 | | -); |
244 | | -``` |
245 | | - |
246 | | -### Sign-out |
247 | | - |
248 | | -To sign out, the wrapper's [signOut()](https://azure-samples.github.io/microsoft-identity-express/classes/MsalWebAppAuthClient.html#signOut) middleware constructs a logout URL following the [guide here](https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request). Then, we clear the cache, destroy the current **express-session** and redirect the user to the **sign-out endpoint**: |
249 | | - |
250 | | -```javascript |
251 | | - |
252 | | -``` |
253 | | - |
254 | 160 | ## More information |
255 | 161 |
|
256 | 162 | Configure your application: |
|
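Review bot: The removal at old lines 161-253 deletes the only place that documents the ordering requirement for `app.use(authProvider.interactionErrorHandler());` (after all routers, before any other error handlers) and the `authProvider.guard({ forceLogin: true })` usage on `/id`. Both are easy to get wrong, and a misplaced or missing guard leaves a route unauthenticated. The deleted text did have real problems that justify a cleanup: the links `[WebAppAuthProvider]()`, `[authenticate()]()`, `[login()]()` and `[guard()]()` were empty, the "Secure routes" snippet used `msid.isAuthenticated()` while the earlier snippet used `authProvider.guard(...)`, the "Sign-out" prose referred to `signOut()` while the route code called `req.authContext.logout(...)`, and the sign-out code fence was empty. Rather than dropping the section outright, consider keeping a short corrected note on guard placement and error-handler order, or adding a pointer under "More information" to wherever that guidance now lives.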