Reputation: 187
I have been given the task of integrating my web app, built with Node JS, with ADFS. Since I am an absolute novice in the field of authentication and currently have no access rights / knowledge in relation to the ADFS infrastructure, I thought that I would first build authentication with Google as a test, because there is a lot of information about this on the web and I could simply prepare the "IDP side" myself with the Google developers console. This works fine, so I now would like to go back to the original task. So I'd like to know how to rebuild my code to enable OAuth authentication with ADFS instead of Google as the IDP.
I haven't really found any examples online (only for SAML, not OAuth), so I wanted to ask if anyone has ever used the passport-oauth2 package for ADFS and could tell me what changes I need to make to my code, which is at the moment geared for Google. Obviously swap the strategy of passport, but the steps after that are giving me trouble.
The team that takes care of the ADFS infrastructure unfortunately has no experience with the application side in the form of Node JS, so I'm on my own and looking for answers here. Any kind of tips would be awesome!
auth.js
// imports assumed from the callback signature (not shown in the original post)
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth2').Strategy;

// define strategy
passport.use(new GoogleStrategy({
    clientID: process.env.CLIENT_ID,
    clientSecret: process.env.CLIENT_SECRET,
    callbackURL: "http://localhost:3000/auth/google/callback",
    passReqToCallback: true,
  },
  // Function that runs after someone successfully logs in
  function(request, accessToken, refreshToken, profile, done) {
    return done(null, profile);
  }));

// persist data into session after successful auth
passport.serializeUser(function(user, done) {
  done(null, user);
});

// retrieve data from session
passport.deserializeUser(function(user, done) {
  done(null, user);
});
index.js
// imports assumed from the calls below (not shown in the original post)
const express = require('express');
const session = require('express-session');
const passport = require('passport');
require('./auth'); // registers the strategy and the (de)serializers

const app = express();

// middleware function to check login
function isLoggedIn(req, res, next) {
  // if the request has a user, continue to the next handler; if not, send 401
  req.user ? next() : res.sendStatus(401);
}

// session management
app.use(session({ secret: process.env.COOKIE_SECRET, resave: false, saveUninitialized: true }));
app.use(passport.initialize());
app.use(passport.session());

app.get('/', (req, res) => {
  // Button with link to /auth/google
  res.send('<a href="/auth/google">Authenticate with Google</a>');
});

// when someone goes to /auth/google (via the link above) -> authenticate them with Google
// scope of auth in this case is email and profile
app.get('/auth/google',
  passport.authenticate('google', { scope: [ 'email', 'profile' ] }
));

// after authentication the user will be redirected to /auth/google/callback
app.get('/auth/google/callback',
  passport.authenticate('google', {
    successRedirect: '/protected',
    failureRedirect: '/auth/google/failure'
  })
);

// success redirect is /protected; isLoggedIn runs first and decides whether the handler is called
app.get('/protected', isLoggedIn, (req, res) => {
  res.send(`Hello ${req.user.displayName}`);
});

// failure redirect is /auth/google/failure
app.get('/auth/google/failure', (req, res) => {
  res.send('Failed to authenticate..');
});

// logout
app.get('/logout', (req, res) => {
  // passport 0.6+ requires a callback here (assumed version); destroy the session once the login state is cleared
  req.logout(function(err) {
    if (err) { return res.sendStatus(500); }
    req.session.destroy(() => res.send('Goodbye!'));
  });
});

app.listen(3000);
Upvotes: 1
Views: 1013
Reputation: 46773
ADFS doesn't really care if the client is Node JS.
It just needs clientID, secret, redirectURL etc.
There's an example here of how to configure OAuth with ADFS and what to use on the client-side.
If you look at the tabs on the left, under ADAL you'll see a SPA example.
Hopefully, this steers you in the right direction.
Upvotes: 2
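As an added example (not code from the question or the answer): the Google strategy from the question replaced by the generic passport-oauth2 strategy pointed at ADFS (2016 or later), which, as the answer says, only needs the client ID, secret and redirect URL, plus the two ADFS endpoint URLs. Assumed: the ADFS host, client credentials and callback URL are passed in by the caller, the ADFS application group has the same callback URL registered, and the id_token issuer is `https://<host>/adfs` (confirm it against the farm's /adfs/.well-known/openid-configuration).

```javascript
// Register with passport.use('adfs', buildAdfsStrategy({...})) and change the routes in
// index.js to passport.authenticate('adfs', ...); the strategy name 'google' disappears.
// ADFS serves its OAuth2/OIDC endpoints under /adfs/oauth2 on the federation service host.
function adfsEndpoints(host) {
  return {
    authorizationURL: `https://${host}/adfs/oauth2/authorize`,
    tokenURL: `https://${host}/adfs/oauth2/token`,
    // assumed issuer value; verify it against /adfs/.well-known/openid-configuration
    issuer: `https://${host}/adfs`,
  };
}

// passport-oauth2 fetches no "profile" for ADFS; with the openid scope the token response
// carries an id_token whose payload holds the user's claims. The token arrives straight from
// the token endpoint over TLS, so only the payload is checked here (issuer, audience, expiry).
function claimsFromIdToken(idToken, { audience, issuer, now = Date.now() / 1000 }) {
  const parts = String(idToken || '').split('.');
  if (parts.length !== 3) throw new Error('id_token is not a compact JWT');
  // Node's base64 decoder accepts the URL-safe alphabet and missing padding
  const claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  if (claims.iss !== issuer) throw new Error(`unexpected issuer ${claims.iss}`);
  const aud = [].concat(claims.aud || []); // aud may be a string or an array
  if (!aud.includes(audience)) throw new Error('id_token was not issued for this client');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('id_token expired');
  return claims;
}

// Builds the strategy; passport-oauth2 is loaded here so the helpers above need no packages.
function buildAdfsStrategy({ host, clientID, clientSecret, callbackURL }) {
  const OAuth2Strategy = require('passport-oauth2');
  const { authorizationURL, tokenURL, issuer } = adfsEndpoints(host);
  return new OAuth2Strategy(
    {
      authorizationURL, tokenURL, clientID, clientSecret, callbackURL,
      scope: ['openid'],
      state: true,             // anti-CSRF state parameter, kept in the session
      passReqToCallback: true,
    },
    // with passReqToCallback and six parameters, params is the raw token response (incl. id_token)
    function (req, accessToken, refreshToken, params, profile, done) {
      try {
        const claims = claimsFromIdToken(params.id_token, { audience: clientID, issuer });
        // ADFS emits upn/unique_name; displayName keeps the /protected route working unchanged
        const user = { id: claims.sub, displayName: claims.upn || claims.unique_name || claims.sub };
        return done(null, user);
      } catch (err) {
        return done(err);
      }
    });
}
```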