This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

Releases: AzureAD/passport-azure-ad

Passport-Azure-AD now uses ADAL-Node (plus logging fixes and cleanup)

23 Jan 23:35

Uses ADAL-Node instead of an OAuth2 library from another source.

Fixes #42. Passing a logger other than bunyan is not allowed; others may contribute this.

Details:

  • Logging now defaults to ERROR-level logging to stderr no matter what
  • Logging now defaults to WARN level for everything else, but this can be overridden by a setting passed in to the Strategy if desired
  • This is only for OIDC and Bearer, as WS-Fed and SAML are out of support (but anyone is welcome to add it in; it should be minimal)

Fixed issue #76 regarding types not matching in tests

Details:

  • Fixed the lint issues with the library.
  • Replaced the deprecated __proto__ assignment in the Error types: InternalOpenIDError.prototype = Object.create(Error.prototype); instead of the controversial (and lint-flagged) InternalOpenIDError.prototype.__proto__ = Error.prototype; from the previous dev. This should also make execution faster.
  • Removed all TODO: and NOTE: comments.
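As an added illustration of the prototype-chain change above (example code written for this page, not the library's own InternalOpenIDError; the oauthError field and the describeError helper are assumptions), here is a custom error built with Object.create(Error.prototype), including the constructor reset that the Object.create form needs and the __proto__ form did not:

```javascript
'use strict';
// Added example, not passport-azure-ad's own code: a custom error type whose prototype
// chain is set with Object.create(Error.prototype), as the release notes describe,
// instead of assigning __proto__ on the existing prototype object.

function InternalOpenIDError(message, err) {
  // Record a stack from the point of construction, hiding this constructor's own frame
  // (V8-specific API, guarded so the code still runs on engines without it).
  if (Error.captureStackTrace) Error.captureStackTrace(this, InternalOpenIDError);
  this.name = 'InternalOpenIDError';
  this.message = message;
  this.oauthError = err; // underlying transport/OAuth error, if any (field name assumed)
}

// Object.create builds a fresh prototype object, so the chain becomes
// e -> InternalOpenIDError.prototype -> Error.prototype -> Object.prototype.
// The old prototype object (which carried `constructor`) is discarded, so
// `constructor` must be restored by hand; with the __proto__ assignment the notes
// replaced, the original prototype object and its constructor survived.
InternalOpenIDError.prototype = Object.create(Error.prototype);
InternalOpenIDError.prototype.constructor = InternalOpenIDError;

// Format the error together with its cause, so logs show what the IdP/transport said.
InternalOpenIDError.prototype.toString = function toString() {
  let text = `${this.name}: ${this.message}`;
  if (this.oauthError instanceof Error) {
    text += ` (${this.oauthError.name}: ${this.oauthError.message})`;
  }
  return text;
};

// Summarise what the prototype chain gives us; useful when checking that a thrown
// value is one of ours before deciding whether to retry or fail the login.
function describeError(e) {
  return {
    isError: e instanceof Error,
    isInternalOpenIDError: e instanceof InternalOpenIDError,
    constructorName: e.constructor && e.constructor.name,
    protoChainReachesError:
      Object.getPrototypeOf(InternalOpenIDError.prototype) === Error.prototype,
    hasStack: typeof e.stack === 'string' && e.stack.length > 0,
    text: String(e),
  };
}
```

One practical difference to remember: Object.create discards the old prototype object, so e.constructor points at Error unless it is set back by hand, which matters for any code that branches on e.constructor.name; instanceof works either way.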

Fixes #78 Lint now passes

Details:

  • Fixed bugs in the waterfall() for oidcstrategy.js which were causing issues when loading profiles. This adds back support for B2C and v2 flows (essentially, id_token-only flows)
  • This officially resolves issue #78

Fixes #74 - state is now passed.

Fixes #73 - req is now passed to the callback if specified

Details:

  • In addition, I now have a simplified return of (profile, done) as per the convention of Passport libs. (see oidcstrategy.js)
  • In addition, fixed an issue with the samples so that the server validates the issuer by default in v1 and v2 flows.

B2C Support and caching

01 Sep 19:42
  • Support for B2C in v2 of our API.
    B2C Support - when it launches you can easily use policies in your node.js application! Just check out /examples/login-oidc-b2c for details.
    You just specify the tenantName: and then add some routes.
  • This meant a complete rework of how the Strategy works. It's now waterfalls within waterfalls (beautiful, if you think about it) which load items based on need. A much better way of doing it that I had wanted to get to for some time.
  • Biggest feature: speed improvement. I've implemented caching of the metadata with cache-manager.
    This increases speed amazingly.
    I needed to do this because we now load metadata at click time and not at server launch, so this was required.
  • I set the cache expiry to 30 minutes for now; we'll see how that goes. May expose it in config if users want.
  • The key I use is the policy that is passed to the Strategy, or use 'standard' for v1 and v2 flows (if there is no
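As an added example, not the project's code, of the caching described above: a per-policy metadata cache with a 30-minute TTL. A small in-memory store with an injectable clock stands in for cache-manager, the fetcher is a constructed stub, and the policy-name check is a defensive addition not described in the notes.

```javascript
'use strict';
// Added example, not passport-azure-ad's own code: a metadata cache keyed by B2C policy
// (or 'standard' for plain v1/v2 flows) with a 30-minute expiry, standing in for the
// cache-manager store the release notes mention. The loader is a constructed stub; in
// the strategy it would fetch the tenant's (and, for B2C, the policy's) OpenID
// configuration document at request time rather than at server start.

const DEFAULT_TTL_MS = 30 * 60 * 1000;

// Defensive check added here (not from the release notes): the policy name ends up in
// both the cache key and the metadata URL, so only accept a conservative character set.
const POLICY_NAME = /^[A-Za-z0-9_.-]{1,64}$/;

function metadataCacheKey(policy) {
  if (policy === undefined || policy === null || policy === '') return 'standard';
  if (typeof policy !== 'string' || !POLICY_NAME.test(policy)) {
    throw new Error(`invalid policy name: ${String(policy)}`);
  }
  return policy;
}

class MetadataCache {
  // `now` is injectable so expiry can be exercised without waiting 30 minutes.
  constructor({ ttlMs = DEFAULT_TTL_MS, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.store = new Map();
  }

  // Return the cached (or in-flight) Promise for `key`; `loader` runs only on a miss.
  // Concurrent requests during a load share one Promise, so a burst of first logins
  // after a restart causes one metadata fetch, not one per request.
  get(key, loader) {
    const hit = this.store.get(key);
    if (hit && hit.expiresAt > this.now()) return hit.promise;
    const promise = new Promise((resolve) => resolve(loader(key)));
    this.store.set(key, { promise, expiresAt: this.now() + this.ttlMs });
    // A failed fetch must not be served for 30 minutes: evict it so the next request retries.
    promise.catch(() => {
      const cur = this.store.get(key);
      if (cur && cur.promise === promise) this.store.delete(key);
    });
    return promise;
  }

  size() { return this.store.size; }
}

// What the strategy would call per request: resolve the key, then go through the cache.
function getMetadata(cache, fetcher, policy) {
  return cache.get(metadataCacheKey(policy), fetcher);
}

// Constructed walk-through with a fake clock and a counting fetcher.
function demo() {
  let clock = 0;
  const cache = new MetadataCache({ now: () => clock });
  let fetches = 0;
  const fetcher = (key) => { fetches += 1; return { key, fetchedAt: clock }; };

  getMetadata(cache, fetcher, 'b2c_1_sign_in');   // miss: fetch 1
  getMetadata(cache, fetcher, 'b2c_1_sign_in');   // hit, no fetch
  getMetadata(cache, fetcher, undefined);          // miss under key 'standard': fetch 2
  clock = DEFAULT_TTL_MS + 1;                       // both entries have now expired
  getMetadata(cache, fetcher, 'b2c_1_sign_in');   // miss again: fetch 3
  return { fetches, entries: cache.size() };
}
```

Two things the release notes do not spell out but which matter in practice: a rejected fetch is evicted rather than served for 30 minutes, and concurrent requests that miss at the same moment share one in-flight promise instead of each hitting the metadata endpoint.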

Previous release (1.2.0):

  • Support for v1 and v2 API endpoints.


Support for v1 and v2 APIs. Many fixes

31 Aug 00:39
  • Support for v1 or v2 of our API. You just change the knobs and the metadata endpoint!
  • Massive update that fixes a lot that was wrong with the original OpenID Connect Implementation.
    • Lots of new settings given to you that you can pass in. Look at the client_config_v1.js example to see these. In detail:
    • You can now specify if user profile should be loaded. (HINT: You shouldn't - as we don't have a user profile lookup.) Default is to skip which you should for AzureAD and MSA. #51
    • Turns out that my OpenID Connect implementation only had OAuth2 query support, and passed code and tokens through such. This is against spec, against nature, and now fixed. #50
      • Both the id_token code and id_token flows now support POST and will do the right thing no matter if using v1 or v2. Fragment still not supported. #49
        • I've exposed this as a config setting you can pass: responseType:. The default is id_token code to match the rest of ADAL.
        • Login-only id_token is now supported through POST only.
        • The OAuth code flow and the OAuth + OpenID Connect id_token code flow support the query or POST response modes.
        • In addition, I've exposed this as a config setting you can pass: responseMode:. The default is form_post.
    • In support of this, I've updated the app.js in /example to work no matter if using id_token, or id_token code for either v1 or v2.
    • Added nonce that is actually a nonce (utils.uid(16))
  • passport OIDC strategy now respects the metadata that is passed to it, so any PPE and Prod metadata endpoints, both v1 and v2, will work.