This sample demonstrates how to protect a Node.js web API with Azure AD v2.0 using the Passport.js library. The code here is pre-configured with a registered client ID. If you register your own app, you will need to replace the client ID.
Steps to Run
Clone the code.
Make sure you've installed Node.
Install the node dependencies:
npm install && npm update
Run the Web API! By default it will run on
/hello endpoint in this sample is protected so an authorized request to it requires an access token issued by Azure AD v2.0 in the header. You can register your app and make authorized requests to this web API. Currently, the Azure AD v2.0 does not issue access tokens to a Web API that has a different Application ID than the client app. Make sure you add this Web API under the same Application ID as your app.
Questions & Issues
Please file any questions or problems with the sample as a GitHub issue. You can also post on Stackoverflow with the tag
azure-ad-b2c. For OAuth2.0 library issues, please see note below.