• This repository has been archived on 07/Aug/2021
  • Stars
    star
    208
  • Rank 189,015 (Top 4 %)
  • Language
    JavaScript
  • License
    Apache License 2.0
  • Created over 10 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The code for ADAL Node has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.

This library, ADAL for Node.js, will no longer receive new feature improvements. Instead, use the new library MSAL for Node.js.

  • If you are starting a new project, you can get started with the MSAL for Node.js docs for details about the scenarios, usage, and relevant concepts.
  • If your application is using the previous ADAL for Node.js library, you can follow this migration guide for Node.js apps.
  • Existing applications relying on ADAL for Node.js will continue to work.

Feedback

Update to MSAL for Node.js now!

MSAL for Node.js is the new authentication library to be used with the Microsoft identity platform

Building on top of ADAL, MSAL works with the new and Open ID Connect certified Azure AD V2 endpoint and the new social identity solution from Microsoft, Azure AD B2C.

ADAL for Node.js is in maintenance mode and no new features will be added to the ADAL library anymore. All our ongoing efforts will be focused on improving the new MSAL for Node.js. MSAL’s documentation also contains a migration guide which simplifies upgrading from ADAL for Node.js.

Windows Azure Active Directory Authentication Library (ADAL) for Node.js

The ADAL for node.js library makes it easy for node.js applications to authenticate to AAD in order to access AAD protected web resources. It supports 3 authentication modes shown in the quickstart code below.

Versions

Current version - 0.2.2
Minimum recommended version - 0.2.2
You can find the changes for each version in the change log.

Samples and Documentation

We provide a full suite of sample applications and documentation on GitHub to help you get started with learning the Azure Identity system. This includes tutorials for native clients such as Windows, Windows Phone, iOS, OSX, Android, and Linux. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect, Graph API, and other awesome features.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browse existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: http://stackoverflow.com/questions/tagged/adal

Submit Feedback

We'd like your thoughts on this library. Please complete this short survey.

Security Reporting

If you find a security issue with our libraries or services please report it to [email protected] with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.

Contributing

All code is licensed under the Apache 2.0 license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. You can clone the repo and start contributing now.

Quick Start

Installation

$ npm install adal-node

Configure the logging

Personal Identifiable Information (PII) & Organizational Identifiable Information (OII)

By default, ADAL logging does not capture or log any PII or OII. The library allows app developers to turn this on by configuring the loggingWithPII flag in the logging options. By turning on PII or OII, the app takes responsibility for safely handling highly-sensitive data and complying with any regulatory requirements.

var logging = require('adal-node').Logging;

//PII or OII logging disabled. Default Logger does not capture any PII or OII.
logging.setLoggingOptions({
  log: function(level, message, error) {
    // provide your own implementation of the log function
  },
  level: logging.LOGGING_LEVEL.VERBOSE, // provide the logging level
  loggingWithPII: false  // Determine if you want to log personal identification information. The default value is false.
});

//PII or OII logging enabled.
logging.setLoggingOptions({
  log: function(level, message, error) {
    // provide your own implementation of the log function
  },
  level: logging.LOGGING_LEVEL.VERBOSE,
  loggingWithPII: true
});

Authorization Code

See the website sample for a complete bare bones express based web site that makes use of the code below.

var AuthenticationContext = require('adal-node').AuthenticationContext;

var clientId = 'yourClientIdHere';
var clientSecret = 'yourAADIssuedClientSecretHere'
var authorityHostUrl = 'https://login.windows.net';
var tenant = 'myTenant';
var authorityUrl = authorityHostUrl + '/' + tenant;
var redirectUri = 'http://localhost:3000/getAToken';
var resource = '00000002-0000-0000-c000-000000000000';
var templateAuthzUrl = 'https://login.windows.net/' + 
                        tenant + 
                        '/oauth2/authorize?response_type=code&client_id=' +
                        clientId + 
                        '&redirect_uri=' + 
                        redirectUri + 
                        '&state=<state>&resource=' + 
                        resource;

function createAuthorizationUrl(state) {
  return templateAuthzUrl.replace('<state>', state);
}

// Clients get redirected here in order to create an OAuth authorize url and redirect them to AAD.
// There they will authenticate and give their consent to allow this app access to
// some resource they own.
app.get('/auth', function(req, res) {
  crypto.randomBytes(48, function(ex, buf) {
    var token = buf.toString('base64').replace(/\//g,'_').replace(/\+/g,'-');

    res.cookie('authstate', token);
    var authorizationUrl = createAuthorizationUrl(token);

    res.redirect(authorizationUrl);
  });
});

// After consent is granted AAD redirects here.  The ADAL library is invoked via the
// AuthenticationContext and retrieves an access token that can be used to access the
// user owned resource.
app.get('/getAToken', function(req, res) {
  if (req.cookies.authstate !== req.query.state) {
    res.send('error: state does not match');
  }

  var authenticationContext = new AuthenticationContext(authorityUrl);

  authenticationContext.acquireTokenWithAuthorizationCode(
    req.query.code,
    redirectUri,
    resource,
    clientId, 
    clientSecret,
    function(err, response) {
      var errorMessage = '';
      if (err) {
        errorMessage = 'error: ' + err.message + '\n';
      }
      errorMessage += 'response: ' + JSON.stringify(response);
      res.send(errorMessage);
    }
  );
});

Server to Server via Client Credentials

See the client credentials sample.

var AuthenticationContext = require('adal-node').AuthenticationContext;

var authorityHostUrl = 'https://login.windows.net';
var tenant = 'myTenant.onmicrosoft.com'; // AAD Tenant name.
var authorityUrl = authorityHostUrl + '/' + tenant;
var applicationId = 'yourApplicationIdHere'; // Application Id of app registered under AAD.
var clientSecret = 'yourAADIssuedClientSecretHere'; // Secret generated for app. Read this environment variable.
var resource = '00000002-0000-0000-c000-000000000000'; // URI that identifies the resource for which the token is valid.

var context = new AuthenticationContext(authorityUrl);

context.acquireTokenWithClientCredentials(resource, applicationId, clientSecret, function(err, tokenResponse) {
  if (err) {
    console.log('well that didn\'t work: ' + err.stack);
  } else {
    console.log(tokenResponse);
  }
});

License

Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

More Repositories

1

microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
TypeScript
3,652
star
2

microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
C#
1,393
star
3

azure-activedirectory-identitymodel-extensions-for-dotnet

IdentityModel extensions for .Net
C#
1,048
star
4

microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
Python
815
star
5

AzureADAssessment

Tooling for assessing an Azure AD tenant state and configuration
PowerShell
727
star
6

microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
C#
682
star
7

azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
625
star
8

passport-azure-ad

The code for Passport Azure AD has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
JavaScript
422
star
9

Azure-AD-Incident-Response-PowerShell-Module

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
PowerShell
405
star
10

azure-activedirectory-library-for-dotnet

ADAL authentication libraries for .net
C#
358
star
11

microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
Java
285
star
12

azure-activedirectory-library-for-python

ADAL for Python
Python
259
star
13

microsoft-authentication-library-for-objc

Microsoft Authentication Library (MSAL) for iOS and macOS
Objective-C
256
star
14

MSIdentityTools

Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.
PowerShell
230
star
15

microsoft-authentication-library-for-go

The MSAL library for Go is part of the Microsoft identity platform for developers (formerly named Azure AD) v2.0. It enables you to acquire security tokens to call protected APIs. It uses industry standard OAuth2 and OpenID Connect.
Go
229
star
16

microsoft-authentication-library-for-android

Microsoft Authentication Library (MSAL) for Android
Java
209
star
17

azure-activedirectory-library-for-android

The ADAL SDK for Android gives you the ability to add support for Work Accounts to your application with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
Java
177
star
18

azure-activedirectory-library-for-objc

The ADAL SDK for Objective C gives you the ability to add support for Work Accounts to your iOS and macOS applications with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
Objective-C
177
star
19

Deployment-Plans

Step by step guidance to deploy Azure Active Directory capabilities such as Conditional Access, Multi Factor Authentication, Self Service Password, and more.
PowerShell
173
star
20

MSAL.PS

PowerShell
164
star
21

SCIMReferenceCode

Reference code to build a SCIM endpoint to automate provisioning
C#
162
star
22

azure-activedirectory-library-for-java

Java
161
star
23

microsoft-authentication-extensions-for-dotnet

Secure cross-platform token cache for MSAL public client apps
C#
83
star
24

IdentityProtectionTools

Sample PowerShell module and scripts for managing Azure AD Identity Protection service
PowerShell
71
star
25

azure-activedirectory-library-for-cordova

ADAL for Cordova
59
star
26

Apple-SSO-Tools

Apple Enterprise SSO troubleshooting script
Shell
54
star
27

omniauth-azure-activedirectory

Ruby
50
star
28

microsoft-authentication-cli

A command line utility for Azure authentication.
C#
42
star
29

microsoft-authentication-library-common-for-android

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
Java
41
star
30

azure-activedirectory-library-for-ruby

The ADAL for Ruby library makes it easy for Ruby applications to authenticate to AAD in order to access AAD protected web resources.
Ruby
36
star
31

active-directory-b2c-wordpress-plugin-openidconnect

A plugin for WordPress that allows users to authenticate with Azure AD B2C using OpenID Connect.
PHP
31
star
32

microsoft-authentication-library-common-for-objc

Common code used by both the Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL)
Objective-C
30
star
33

azure-activedirectory-powershell

This is a repo for Azure AD PowerShell scrips and samples
PowerShell
30
star
34

rms-sdk-for-cpp

RMS SDK for C++
C
29
star
35

microsoft-authentication-extensions-for-python

Microsoft Authentication Library extensions (MSAL EX) provides a persistence API that can save your data on disk, encrypted on Windows, macOS and Linux. Concurrent data access will be coordinated by a file lock mechanism.
Python
29
star
36

entra-id-inbound-provisioning

Samples, scripts and resources to help you get started with Microsoft Entra API-driven inbound provisioning
PowerShell
24
star
37

azure-activedirectory-powershell-for-admins

PowerShell
11
star
38

AzureAD-Governance-Assessment

Scripts to run an AAD Governance Assessment
PowerShell
10
star
39

microsoft-identity-abstractions-for-dotnet

Contains interfaces and data classes used in the .NET Microsoft authentication libraries (MSAL, IdentityModel, Microsoft.Identity.Web, ...)
C#
9
star
40

azure-activedirectory-powershell-tokenkey

Scripts to override the Azure Active Directory token signing key.
PowerShell
8
star
41

rms-sdk-ui-for-ios

RMS SDK UI Components for iOS
Objective-C
8
star
42

MSCloudIDUtils

Sample PowerShell logic for interacting with Azure Active Directory identity and resources using the Microsoft Identity Platform
PowerShell
7
star
43

availability-proxy-for-rest-services

C#
6
star
44

azure-activedirectory-cordova-plugin-graph

JavaScript
5
star
45

microsoft-authentication-extensions-for-java

Microsoft Authentication extensions for MSAL.Java
Java
4
star
46

Cross-tenant-synchronization

3
star
47

rms-sdk-ui-for-android

RMS SDK UI Components for Android
Java
3
star
48

docs

API Documentation
HTML
2
star
49

declaredaccess

Collection of experimental projects for simplifying the use of identity by moving from imperative programming models to declarative programming models.
HTML
2
star
50

rms-sdk-ui-for-windowsstore

RMS SDK for Windows Store Applications
C#
2
star
51

rms-sdk-ui-for-winphone

C#
2
star
52

microsoft-authentication-extensions-for-go

Secure cross-platform token cache for MSAL public client apps
1
star
53

ADALLoginKit

A Helper Library to bootstrap AzureAD Samples
Objective-C
1
star
54

java-flavors-plugin

Plugin to support configuration of "flavors" for java projects.
Groovy
1
star