| 1 | /****************
|
| 2 | * IMPORTS
|
| 3 | */
|
| 4 |
|
| 5 | var util = require('util')
|
| 6 | var OAuth2Strategy = require('passport-oauth2')
|
| 7 | var InternalOAuthError = require('passport-oauth2').InternalOAuthError
|
| 8 |
|
| 9 | /**
|
| 10 | * `Strategy` constructor.
|
| 11 | *
|
| 12 | * The Microsoft authentication strategy authenticates requests by delegating to
|
| 13 | * Microsoft using the OAuth 2.0 protocol.
|
| 14 | *
|
| 15 | * Applications must supply a `verify` callback which accepts an `accessToken`,
|
| 16 | * `refreshToken` and service-specific `profile`, and then calls the `done`
|
| 17 | * callback supplying a `user`, which should be set to `false` if the
|
| 18 | * credentials are not valid. If an exception occured, `err` should be set.
|
| 19 | *
|
| 20 | * Options:
|
| 21 | * - `clientId` your Microsoft application's client id
|
| 22 | * - `clientSecret` your Microsoft application's client secret
|
| 23 | * - `callbackURL` URL to which Microsoft will redirect the user after granting authorization in your Microsoft Application
|
| 24 | *
|
| 25 | * Examples:
|
| 26 | *
|
| 27 | * var MicrosoftStrategy = require('passport-microsoft').Strategy;
|
| 28 | *
|
| 29 | * passport.use(new MicrosoftStrategy({
|
| 30 | * clientID: '123-456-789',
|
| 31 | * clientSecret: 'shhh-its-a-secret'
|
| 32 | * callbackURL: 'https://www.example.net/auth/microsoft/callback'
|
| 33 | * },
|
| 34 | * function(accessToken, refreshToken, profile, done) {
|
| 35 | * User.findOrCreate(..., function (err, user) {
|
| 36 | * done(err, user);
|
| 37 | * });
|
| 38 | * }
|
| 39 | * ));
|
| 40 | *
|
| 41 | * @param {Object} options
|
| 42 | * @param {Function} verify
|
| 43 | * @api public
|
| 44 | */
|
| 45 |
|
| 46 | function MicrosoftStrategy(options, verify) {
|
| 47 | options = options || {}
|
| 48 | options.authorizationURL = options.authorizationURL || 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
|
| 49 | options.tokenURL = options.tokenURL || 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
|
| 50 | options.scopeSeparator = options.scopeSeparator || ' ';
|
| 51 | options.customHeaders = options.customHeaders || {};
|
| 52 |
|
| 53 | OAuth2Strategy.call(this, options, verify)
|
| 54 | this.name = 'microsoft'
|
| 55 | }
|
| 56 |
|
| 57 | /**
|
| 58 | * Inherit from `OAuth2Strategy`.
|
| 59 | */
|
| 60 |
|
| 61 | util.inherits(MicrosoftStrategy, OAuth2Strategy)
|
| 62 |
|
| 63 | /**
|
| 64 | * Retrieve user profile from Microsoft Graph.
|
| 65 | *
|
| 66 | * This function constructs a normalized profile, with the following properties:
|
| 67 | *
|
| 68 | * - `provider` always set to `microsoft`
|
| 69 | * - `id`
|
| 70 | * - etc..
|
| 71 | *
|
| 72 | * @param {String} accessToken
|
| 73 | * @param {Function} done
|
| 74 | * @api protected
|
| 75 | */
|
| 76 |
|
| 77 | MicrosoftStrategy.prototype.userProfile = function (accessToken, done) {
|
| 78 |
|
| 79 | this._oauth2.useAuthorizationHeaderforGET(true);
|
| 80 | this._oauth2.get(
|
| 81 | 'https://graph.microsoft.com/v1.0/me/',
|
| 82 | accessToken,
|
| 83 | function (err, body, res) {
|
| 84 |
|
| 85 | if (err) {
|
| 86 | return done(new InternalOAuthError('failed to fetch user profile', err))
|
| 87 | }
|
| 88 | try {
|
| 89 | var json = JSON.parse(body)
|
| 90 |
|
| 91 | var profile = {
|
| 92 | provider: 'microsoft',
|
| 93 | name: {}
|
| 94 | }
|
| 95 | profile.id = json.id
|
| 96 | profile.displayName = json.displayName
|
| 97 | profile.name.familyName = json.surname
|
| 98 | profile.name.givenName = json.givenName
|
| 99 | profile.emails = [{ type: 'work', value: json.mail || json.userPrincipalName }]
|
| 100 |
|
| 101 | profile._raw = body
|
| 102 | profile._json = json
|
| 103 |
|
| 104 | done(null, profile)
|
| 105 | }
|
| 106 | catch (e) {
|
| 107 | done(e)
|
| 108 | }
|
| 109 | }
|
| 110 | )
|
| 111 | }
|
| 112 |
|
| 113 | /**
|
| 114 | * Expose `Strategy`.
|
| 115 | */
|
| 116 |
|
| 117 | module.exports = MicrosoftStrategy
|