import { OIDCStrategy as Strategy, IProfile } from 'passport-azure-ad';
import { VerifyCallback } from 'passport-oauth2';
import { Profile } from 'passport';
import processOAuthCallback from './processOAuthCallback';
import { Models } from '../models';
/**
 * Read one required setting from the environment.
 *
 * Startup aborts with a clear message when the variable is missing or empty,
 * so a misconfigured deployment never gets as far as serving a login route.
 *
 * @param key Name of the environment variable.
 * @returns Its (non-empty) value.
 * @throws Error `<key> not set` when the variable is absent or empty.
 */
const requireEnv = (key: string): string => {
  const value = process.env[key];
  if (!value) throw new Error(`${key} not set`);
  return value;
};

// OAuth client credentials and callback URL for the Microsoft strategy. The
// client secret is only ever sourced from the environment, never from code.
const clientID = requireEnv('MSFT_CLIENT_ID');
const clientSecret = requireEnv('MSFT_CLIENT_SECRET');
const redirectUrl = requireEnv('MSFT_REDIRECT_URL');
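/**
 * Build the passport strategy for "Sign in with Microsoft" against the Azure
 * AD v2.0 OIDC endpoint.
 *
 * The strategy is deliberately multi-tenant: it reads the `common` metadata
 * document and turns `validateIssuer` off, so id_tokens issued by ANY Azure
 * AD tenant (and by personal Microsoft accounts) are accepted. That has two
 * consequences for whoever consumes the produced profile:
 *  - `sub` is the only claim that is both stable and scoped to this app, so
 *    it is used as the profile id, and the callback fails closed when it is
 *    absent instead of handing an `undefined` id downstream.
 *  - NOTE(review): with issuer validation off, the `email` claim comes from
 *    whichever tenant issued the token, and Azure AD does not verify that a
 *    tenant admin owns the addresses they assign to their users. Downstream
 *    code must therefore not look up or link accounts by e-mail alone (the
 *    well-known multi-tenant account-takeover pattern). The address is still
 *    forwarded in `emails` because processOAuthCallback takes the standard
 *    passport Profile shape — confirm how it is used there.
 *
 * @param models Database models handed straight through to processOAuthCallback.
 * @returns A configured OIDCStrategy ready for `passport.use`.
 */
export const strategy = (models: Models): Strategy =>
  new Strategy(
    {
      // NOTE(review): a plain-http redirect URL sends the authorization code
      // in cleartext. This should only be tolerated for local development,
      // e.g. `allowHttpForRedirectUrl: process.env.NODE_ENV !== 'production'`;
      // left as configured because the deployed redirect URL is not visible
      // from this file.
      allowHttpForRedirectUrl: true,
      clientID,
      clientSecret,
      // identityMetadata is set explicitly on purpose. To restrict sign-in to a
      // single organisation, point it at that tenant's metadata document
      // (`.../<tenant-id>/v2.0/.well-known/openid-configuration`) and turn
      // validateIssuer back on.
      identityMetadata:
        'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
      loggingLevel: 'error',
      passReqToCallback: false,
      redirectUrl,
      responseMode: 'query',
      responseType: 'code',
      scope: ['email'],
      // Required for the multi-tenant `common` endpoint: the issuer differs
      // per tenant, so the library cannot pin it. See the function doc for
      // what this means for the email claim.
      validateIssuer: false,
    },
    (profile: IProfile, done: VerifyCallback) => {
      // Prefer the typed claim; the library also exposes the raw id_token
      // payload under `_json`.
      const id = profile.sub || profile._json.sub;
      if (!id) {
        // No stable subject identifier: refuse the login rather than create
        // or look up an account keyed on `undefined`.
        done(null, false, {
          message: 'Microsoft profile is missing a subject identifier',
        });
        return;
      }
      const coercedProfile: Profile = {
        displayName: profile.displayName || '',
        id,
        provider: 'microsoft',
        // Unverified claim — informational only (see function doc).
        emails: [{ value: profile._json.email }],
      };
      // processOAuthCallback owns the `done` call; its promise is not awaited.
      void processOAuthCallback(models, coercedProfile, done);
    }
  );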