
Comments (5)

kamilmysliwiec commented on April 26, 2024 11

https://github.com/AzureAD/passport-azure-ad

from passport.

aramalipoor commented on April 26, 2024 2

@kamilmysliwiec looks like because of this block and the way the NestJS Passport wrapper works, passport-azure-ad cannot populate proper arguments to the "verify" (aka "validate") method, because the "arity" or number of verify function arguments will be calculated as 0 :( in here: https://github.com/AzureAD/passport-azure-ad/blob/96c7a193737f03a270b4eb0d99ce2d59256da9a9/lib/oidcstrategy.js#L109

import { Injectable } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { OIDCStrategy } from 'passport-azure-ad';

import { configService } from '../config/config.service';
import { ProfileProvider } from '../user/user.types';
import { AuthService } from './auth.service';

@Injectable()
export class AzureAdStrategy extends PassportStrategy(
  OIDCStrategy,
  'azure-ad',
) {
  constructor(private readonly authService: AuthService) {
    super(configService.getAzureAdConfig());
  }

  async validate(iss, sub, profile, accessToken, refreshToken, done: Function) {
    try {
      const jwt: string = await this.authService.handleOAuthLogin(
        accessToken,
        refreshToken,
        profile.id,
        ProfileProvider.AZURE_AD,
      );

      done(null, {
        jwt,
      });
    } catch (err) {
      console.log('Azure AD Strategy failure', err);
      done(err, false);
    }
  }
}

Using the above class, the first argument is either the request (if passReqToCallback: true) or the profile object, and the last argument is the "done" function.

Neither "profile" nor "request" contains the accessToken or refreshToken 🤔

Is it possible to work around this somehow? Like directly registering Azure-AD with passport as a quick fix for now?


aramalipoor commented on April 26, 2024 1

Thanks @llhupp, I ended up directly providing the callback function instead of using the NestJS strategy:

import passport from 'passport';
import { Injectable, OnModuleInit } from '@nestjs/common';
import { OIDCStrategy } from 'passport-azure-ad';

import { configService } from '../config/config.service';
import { ProfileProvider } from '../user/user.types';
import { AuthService } from './auth.service';

@Injectable()
export class AzureadStrategy extends OIDCStrategy implements OnModuleInit {
  onModuleInit() {
    passport.use('azuread', this);
  }

  constructor(private readonly authService: AuthService) {
    super(
      configService.getAzureadConfig(),
      (iss, sub, profile, accessToken, refreshToken, done) => {
        try {
          return this.authService
            .handleOAuthLogin(
              accessToken,
              refreshToken,
              profile.oid,
              ProfileProvider.AZUREAD,
            )
            .then(jwt => {
              done(null, {
                jwt,
              });
            })
            .catch(err => {
              console.log('Azure AD Strategy failure 1', err);
              done(err, false);
            });
        } catch (err) {
          console.log('Azure AD Strategy failure 2', err);
          done(err, false);
          return err;
        }
      },
    );
  }
}


LyricL-Gitster commented on April 26, 2024

@aramalipoor In case you're still stuck around this, I'm following a solution where you can hack a custom callback function based on this issue:
https://github.com/AzureAD/passport-azure-ad/issues/424#issue-447820817


0x0ece commented on April 26, 2024

FYI, I made a proposal to passport-azure-ad to explicitly set the verify callback signature.

With that PR, setting verifyArity: 8 in the options lets you retrieve the tokens.

@Injectable()
export class AzureAdStrategy extends PassportStrategy(OIDCStrategy) {
  constructor (private readonly moduleRef: ModuleRef) {
    super({
      ...
      passReqToCallback: true,
      verifyArity: 8,
    })
  }

  async validate (
    request, iss, sub, profile, jwtClaims, access_token, refresh_token, params
  ): Promise<RequestUser | null> {
     ...
  }
}

from passport.
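
Why the wrapped strategy never sees the tokens, as an added example that is not part of the thread and not code from passport-azure-ad or @nestjs/passport: a reduced model in which the strategy picks the verify arguments from `Function.length`. The names `dispatchVerify`, `wrapWithRestParams` and `ARGS_BY_ARITY`, the one-entry arity table and the placeholder token strings are assumptions; `verifyArity` is the option name from the proposal mentioned above.

```javascript
// Added illustration: a reduced model of arity-based verify dispatch.
// Not code from passport-azure-ad or @nestjs/passport.

// Constructed sample context; the token strings are placeholders.
const ctx = {
  iss: 'https://issuer.example/',
  sub: 'subject-123',
  profile: { oid: 'oid-123' },
  accessToken: 'ACCESS_TOKEN_PLACEHOLDER',
  refreshToken: 'REFRESH_TOKEN_PLACEHOLDER',
};

// Assumed table: only the 6-parameter form quoted in the thread is modelled.
const ARGS_BY_ARITY = {
  6: ['iss', 'sub', 'profile', 'accessToken', 'refreshToken'],
};

// Picks the argument list from the callback's declared parameter count
// (Function.length), unless options.verifyArity overrides it.
function dispatchVerify(verify, options = {}) {
  const arity = options.verifyArity ?? verify.length;
  const names = ARGS_BY_ARITY[arity] ?? ['profile']; // fallback: profile only
  const done = (err, user) => ({ err, user });
  return verify(...names.map((n) => ctx[n]), done);
}

// Wrapper in the style the thread attributes to the NestJS adapter:
// rest parameters are not counted, so the wrapper's length is 0.
function wrapWithRestParams(validate) {
  return (...params) => validate(...params);
}

// The thread's 6-parameter callback; reports whether the tokens arrived.
function validate(iss, sub, profile, accessToken, refreshToken, done) {
  return {
    argCount: arguments.length,
    gotTokens: accessToken === ctx.accessToken && refreshToken === ctx.refreshToken,
    doneIsFunction: typeof done === 'function',
  };
}

const direct = dispatchVerify(validate);                      // arity 6
const wrapped = dispatchVerify(wrapWithRestParams(validate)); // arity 0
const pinned = dispatchVerify(wrapWithRestParams(validate), { verifyArity: 6 });

console.log({ direct, wrapped, pinned });
```

In the `wrapped` case the callback receives only the profile and the done function, shifted into the `iss` and `sub` positions, so a handler that indexes its parameters by position should check their types before trusting them.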
