Securing a Node.js REST-based Application with Azure Active Directory
This is the sample code for the article, Secure Node.js Web API with Azure Active Directory.
Before you can connect to Azure Active Directory, you need the following information:
|Name||Description||Variable Name in Config File|
|Tenant Name||Tenant name you want to use for authentication|| |
|Client ID||Client ID is the OAuth term used for the AAD Application ID.|| |
Once you have cloned the repository, open
config.js and add your values for tenant name and client ID in the following code:
const tenantName = //<YOUR_TENANT_NAME>; const clientID = //<YOUR_CLIENT_ID>; const serverPort = 3000;
For help on how to determine the values for these variables, read about the Project Setup in the accompanying article.
Run the sample
Once configuration is complete, then install the dependencies and start the project.
npm install npm start
Test an unsecured end point
To test a route that does not require authentication, enter the following command in a bash shell:
curl -isS -X GET http://127.0.0.1:3000/
If you have configured your server correctly, the response should look similar to:
HTTP/1.1 200 OK Server: Azure Active Directroy with Node.js Demo Content-Type: application/json Content-Length: 49 Date: Tue, 10 Oct 2017 18:35:13 GMT Connection: keep-alive Try: curl -isS -X GET http://127.0.0.1:3000/api
Test a secured end point
To test a secured route, enter the following into a bash shell:
curl -isS -X GET http://127.0.0.1:3000/api
If you have configured the server correctly, then the server should respond with a status of
HTTP/1.1 401 Unauthorized Server: Azure Active Directroy with Node.js Demo WWW-Authenticate: token is not found Date: Tue, 10 Oct 2017 16:22:03 GMT Connection: keep-alive Content-Length: 12 Unauthorized