Login user with email password via REST API with Azure AD and MSAL
I have a scenario where I have a react native app and a nodejs server. I need to authenticate users with Azure AD. I first thought of social auth using auth providers like Clerk, Appwrite, Supabase, Firebase, etc, but decided to instead do this: user enters their email and password and it will be sent to the backend nodejs api. This API will then use MSAL (or something better if we have it), and authenticate that user against the university's Azure AD and then send a token back to the RN app. When RN app hits the /getStudentData endpoint, it will validate the token and fetch the student's data from the database.
I couldn't find the exact docs or tutorial I was looking for. Does anyone have any experience with something like this? I need to protect my API routes with MSAL but also have the ability to signin user with email and pwd. Is this a good architecture? Any recommendations for me? Thanks.
Note that: If you want to use email and password to login or authenticate the user, you can make use of
acquireTokenByUsernamePasswordmethod.
- But
acquireTokenByUsernamePasswordis not recommended by Microsoft for security reasons. - Personal accounts or MFA enabled user accounts are not supported in ROPC flow.
- Hence, you can also make use of
acquireTokenByCode()method to authenticate the user.
Create an Azure AD application and grant API permissions based on your requirement:
Generated access token using below parameters via Postman:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
grant_type:password
scope:api://xxx/test.read
username:user@xxx.onmicrosoft.com
password:***
client_id:ClientID
To do the same in msal-node, use the below code:
const msal = require("@azure/msal-node");
const msalConfig = {
auth: {
clientId: "ClientID",
authority: "Authority",
}
};
const pca = new msal.PublicClientApplication(msalConfig);
const usernamePasswordRequest = {
scopes: ["scope"],
username: "username",
password: "***",
};
pca.acquireTokenByUsernamePassword(usernamePasswordRequest).then((response) => {
console.log("acquired token by password grant");
}).catch((error) => {
console.log(error);
});
Otherwise make use of acquireTokenByCode() by referring this MsDoc.
- How to run TypeScript files from command line?
- How to save javascript array as redis list
- Is using `exec` in nodejs to convert word file to pdf via `pandoc` a safe way?
- How can I specify the migrations directory for typeorm CLI?
- how can I add menu button in telegram bot
- Node.js/Windows error: ENOENT, stat 'C:\Users\RT\AppData\Roaming\npm'
- Steps to send a https request to a rest service in Node js
- React app throwing error while i am importing docusign-esign module
- passport.deserializeUser function never getting called
- Getting a list of all countries to using npm countries-list
- Web Component not rendering when loaded from UNPKG CDN?
- Uncaught TypeError: Failed to resolve module specifier "react-router-dom". Relative references must start with either "/", "./", or "../"
- How do you disable Google Chrome SafeBrowsing while using Puppeteer?
- How can we add String Validation Like Enum In Nodejs and Sequelize
- Visual Studio Code Intellisense not working for Javascript
- node.js: gm throws spawn E2BIG error when passed too much data
- BCrypt error Illegal arguments: string, object
- "Error: Cannot find module 'metro-core'" when starting an Expo project
- Backend JavaScript file EmailJS send error
- NodeJS error "EMFILE, too many open files" on Mac OS
- Node.js console.log() not logging anything
- npx create-next-app@latest is giving errors
- Parse csv using "csv-parser" node JS
- Google Cloud Storage get signedUrl from CDN npm
- Does csv-parse allow you to read from file?
- Firefox can't establish a websocket connection while Chrome can
- Using Docker with nodejs with node-gyp dependencies
- npm error E401: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
- Node.js Writing into YAML file
- Restart node upon changing a file