Azure passport multi-tenant app can't access federation metadata


Converting a single-tenant app to multi-tenant. Is it possible to protect this with passport authentication using an Azure access token? It works fine for the single-tenant app. Here is the main code from the route:

const express = require("express");
const passport = require("passport");
const BearerStrategy = require("passport-azure-ad").BearerStrategy;
// Assumed location of the config object used below (not shown in the original post)
const config = require("./config");

const app = express();
const router = express.Router();

const options = {
  identityMetadata: `https://${config.metadata.authority}/${config.metadata.version}/${config.metadata.discovery}`,
  issuer: `https://${config.metadata.authority}/${config.metadata.version}`,
  clientID: config.credentials.clientID,
  audience: config.credentials.audience,
  validateIssuer: config.settings.validateIssuer,
  passReqToCallback: config.settings.passReqToCallback,
  loggingLevel: "error",
  scope: config.resource.scope,
  failureDetails: true,
};

console.log(options);

const bearerStrategy = new BearerStrategy(options, (token, done) => {
  // Send user info using the second argument; the raw token claims go in the third
  done(null, {}, token);
});

app.use(passport.initialize());

passport.use(bearerStrategy);

router.get(
  "/",
  passport.authenticate("oauth-bearer", { session: false }),
  async (req, res) => {
    try {
      res.send({ msg: "request received" });
    } catch (error) {
      console.log(error);
      res.status(500).send({ errorMessage: error });
    }
  },
  // Express error handlers take (err, req, res, next); the original used `info`
  // as the fourth argument and never answered the request
  (err, req, res, next) => {
    console.log(err);
    res.status(401).send({ errorMessage: err.message });
  }
);

// Assumed mount point for the router (not shown in the original post)
app.use("/", router);

I'm getting an error saying "cannot get AAD Federation metadata from endpoint you specified".

The options being passed through to the bearer strategy are:

{
  identityMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
  issuer: 'https://login.microsoftonline.com/common/v2.0',
  clientID: '--- my client ID ---',
  audience: 'https://login.microsoftonline.com/common',
  validateIssuer: false,
  passReqToCallback: false,
  loggingLevel: 'error',
  scope: [ 'User.Read' ],
  failureDetails: true
}

Hoping this is a quick fix - I am not a super expert in this stuff so if there are any things I need to check for, please let me know. I have updated the app registration manifest to accept access tokens of type 2.

Thanks!
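Added example, not the asker's code and not passport-azure-ad's own: the options printed above run with validateIssuer: false, so a token from any Azure AD tenant is accepted once it validates against the common signing keys. This shows a multi-tenant configuration that keeps issuer validation on by listing each allowed tenant's v2.0 issuer, plus a verify callback that re-checks the tid and iss claims; the tenant IDs and client ID are constructed placeholders, and it assumes tokens issued for this API carry the API's client ID as aud and are wired up as `new BearerStrategy(buildOptions(clientID), verifyTenant)`.

```javascript
// Constructed placeholders: the tenants allowed to call this API.
const ALLOWED_TENANTS = [
  "11111111-1111-1111-1111-111111111111",
  "22222222-2222-2222-2222-222222222222",
];
const AUTHORITY = "login.microsoftonline.com";

// v2.0 access tokens carry iss = https://login.microsoftonline.com/{tid}/v2.0
function issuerForTenant(tid) {
  return `https://${AUTHORITY}/${tid}/v2.0`;
}

// Options for `new BearerStrategy(options, verifyTenant)`. Discovery still uses
// the "common" endpoint (one set of signing keys for all tenants), but issuer
// validation stays on and `issuer` is the explicit list of trusted tenants.
function buildOptions(clientID, allowedTenants = ALLOWED_TENANTS) {
  return {
    identityMetadata: `https://${AUTHORITY}/common/v2.0/.well-known/openid-configuration`,
    clientID,
    audience: clientID, // assumption: tokens for this API carry its client ID as aud
    validateIssuer: true,
    issuer: allowedTenants.map(issuerForTenant),
    passReqToCallback: false,
    loggingLevel: "error",
    scope: ["User.Read"],
  };
}

// Defence in depth on the decoded claims: reject a tid that is not allow-listed
// or an iss that does not belong to that tid, independent of the library check.
function checkTenant(claims, allowedTenants = ALLOWED_TENANTS) {
  if (!allowedTenants.includes(claims.tid)) {
    return { ok: false, reason: `tenant ${claims.tid} is not allowed` };
  }
  if (claims.iss !== issuerForTenant(claims.tid)) {
    return { ok: false, reason: "iss claim does not match tid" };
  }
  return { ok: true, user: { oid: claims.oid, tid: claims.tid, scp: claims.scp } };
}

// Verify callback in the shape passport-azure-ad calls it: (token, done).
function verifyTenant(token, done) {
  const result = checkTenant(token);
  return result.ok
    ? done(null, result.user, token)
    : done(null, false, { message: result.reason });
}
```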
