This sample demonstrates how to protect a Node.js web API with Azure AD v2.0 using the Passport.js library. The code here is pre-configured with a registered client ID. If you register your own app, you will need to replace the client ID.
| File/folder | Description |
|---|---|
| `AppCreationScripts` | Contains automation scripts for PowerShell users (can be safely removed if desired). |
| `process.json` | Contains configuration parameters for logging via Bunyan. |
| `index.js` | Main application logic resides here. |
| `config.js` | Contains configuration parameters for the sample. |
| `.gitignore` | Defines what to ignore at commit time. |
| `CHANGELOG.md` | List of changes to the sample. |
| `CODE_OF_CONDUCT.md` | Code of Conduct information. |
| `CONTRIBUTING.md` | Guidelines for contributing to the sample. |
| `LICENSE` | The license for the sample. |
| `package.json` | Package manifest for npm. |
| `README.md` | This README file. |
| `SECURITY.md` | Security disclosures. |
- Clone the code.

  ```
  git clone https://github.com/Azure-Samples/active-directory-javascript-nodejs-webapi-v2.git
  ```

- Make sure you've installed Node.js.

- Install the node dependencies:

  ```
  npm install && npm update
  ```

- Configure your environmental parameters:
  - Open `config.js`.
  - Replace the string "Enter_the_Application_Id_Here" with your app/client ID on AAD Portal.
    e.g. 21312343-2323121-34342-32311
  - Replace the string "Enter_the_Metadata_Endpoint_Here" with your OpenID Connect metadata document url on the AAD Portal.
    e.g. https://login.microsoftonline.com/<Tenant ID or Name>

- Run the Web API! By default it will run on `http://localhost:5000`.

  ```
  npm start
  ```

The `/hello` endpoint in this sample is protected, so an authorized request to it must carry an access token issued by Azure AD v2.0 in the header. The rest of this document discusses how to protect and expose this API on Azure AD Portal.
Note: The application that is calling this web API also needs to be registered on Azure AD Portal and configured accordingly. Please refer to the documentation on how to Configure a client application to access web APIs.
Select the Expose an API section, and:
- Register your application on Azure AD Portal.
- Make a note of your `clientID`.
- On the right side menu, select `Expose an API`.
- Select `Add a Scope`.
- Enter your scope information:
  - Name your scope as `demo.read`.
  - Under the `Who can consent?` section, select `Admins and users`.
  - Fill `admin consent display name` and `admin consent description` as you like (this will appear on the consent screen to end users informing them what the API does).
  - Fill `user consent display name` and `user consent description` as you like (this will appear on the consent screen to end users informing them what the API does).
  - Under the `state` section, select `Enabled` (this will add a state parameter to communication between the API and client app and is encouraged for security).
- Back on the `Expose an API` page, click on `Add a client Application`.
  - Add the `Client ID` of the application that will call this web API.
  - Click on the `Authorize scopes` checkbox, then click `Add application` on the bottom.
- You are all set. After you configure your client application, you will be able to call this web API.
For more detailed instructions discussing the steps above, please refer to the document on how to Configure an application to expose web APIs.
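
The checks a protected endpoint such as `/hello` relies on, tied to the `demo.read` scope configured above, as an added example that is not code from this sample. It assumes the token's signature has already been verified (for example by the Passport.js strategy); the client ID, tenant and claim values are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example, not part of the sample. Values marked "placeholder" are assumptions.
const API = {
  clientID: '00000000-0000-0000-0000-000000000000',              // placeholder app/client ID
  issuer: 'https://login.microsoftonline.com/<tenant-id>/v2.0',  // placeholder tenant
  requiredScope: 'demo.read',                                    // scope name from the steps above
};

// Pull the token out of "Authorization: Bearer <token>"; null if absent or malformed.
function bearerToken(headers) {
  const match = /^Bearer ([A-Za-z0-9\-_.~+\/]+=*)$/i.exec(headers.authorization || '');
  return match ? match[1] : null;
}

// Check the claims of a token whose signature has ALREADY been verified.
function checkClaims(claims, api, nowSeconds) {
  if (!claims || typeof claims !== 'object') return { ok: false, reason: 'no claims' };
  // The token must have been issued for this API, not for some other app.
  if (claims.aud !== api.clientID) return { ok: false, reason: 'wrong audience' };
  if (claims.iss !== api.issuer) return { ok: false, reason: 'wrong issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds)
    return { ok: false, reason: 'expired' };
  if (typeof claims.nbf === 'number' && claims.nbf > nowSeconds)
    return { ok: false, reason: 'not yet valid' };
  // scp is a space-separated list; compare whole names so "demo.readwrite" does not pass.
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ') : [];
  if (!scopes.includes(api.requiredScope)) return { ok: false, reason: 'missing scope' };
  return { ok: true, reason: null };
}

// Constructed sample claims (not taken from real tokens).
const now = 1700000000;
const good = { aud: API.clientID, iss: API.issuer, exp: now + 3600, nbf: now - 60, scp: 'demo.read' };
const samples = {
  good,
  otherApi: { ...good, aud: '11111111-1111-1111-1111-111111111111' },
  lookalikeScope: { ...good, scp: 'demo.readwrite' },
  expired: { ...good, exp: now - 1 },
};
for (const [name, claims] of Object.entries(samples)) {
  console.log(name, checkClaims(claims, API, now));
}
```
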
Please file any questions or problems with the sample as a GitHub issue. You can also post on StackOverflow with the tag `azure-active-directory`. For OAuth2.0 library issues, please see note below.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.