Use express-jwt as middleware to validate Azure AD tokens

I would like to know if express-jwt NPM can be used as middleware to validate JWT tokens released by Azure AD.

We have a web API written in Express/Node and would like to use the middleware pattern to protect our endpoints and populate the user principal.

The following:

    server.use(jwt({
      audience: '{UUID}',
      issuer: 'https://sts.windows.net/{UUID}',
    }).unless({ path: ['/'] }))

does not work, because it requires a client secret, but the tokens are extracted from AD (as in an implicit flow) through user interaction and there is no client secret.

+5
1 answer

You can use "azure-ad-jwt". This is fairly straightforward and does not require injection into the middleware. Of course, you can use it as an intermediate step in your own "middleware".

    // Method of a TypeScript class. Assumes `aad` is the azure-ad-jwt module
    // and `Rx` is RxJS, both imported elsewhere in the file.
    private verifyToken(req: any, res: any) {
      var audience = "xxxxxxxxx";
      var tenantId = "xxxxxxxxx";
      var authorization = req.headers['authorization'];
      return Rx.Observable.create((observer) => {
        if (authorization) {
          // Expected header form: "Bearer <token>"
          var bearer = authorization.split(" ");
          var jwtToken = bearer[1];
          if (jwtToken) {
            // Checks the token's signature, audience and tenant
            aad.verify(jwtToken, { audience: audience, tenantId: tenantId }, function (err, result) {
              if (result) {
                observer.next(true);
              } else {
                res.status(401).send('That is not a valid token!');
              }
            })
          } else {
            res.status(401).send('No token in header.');
          }
        } else {
          res.status(401).send('Missing authorization attribute in header.');
        }
      });
    }
+5
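Azure AD signs its tokens with RS256 and publishes the matching public keys, which is why an API can validate them without any client secret. The sketch below is an added example (not from the question or the answer, and not azure-ad-jwt's own code) that performs the signature, audience, issuer and expiry checks using only Node's `crypto` module. The key pairs, claims and helper names are constructed for the demonstration; a real API would take the public key from the tenant's published signing keys.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Verify an RS256 JWT with the issuer's PUBLIC key, then check the claims.
function verifyRs256(token, publicKey, { audience, issuer }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; never let the token header choose it ("none", HS256).
  if (JSON.parse(fromB64url(head).toString()).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, fromB64url(sig))) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(fromB64url(body).toString());
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('expired');
  return claims;
}

// Constructed data: signs a token the way an identity provider would.
function signForDemo(claims, privateKey) {
  const unsigned = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${unsigned}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(unsigned), privateKey))}`;
}

function outcome(token, publicKey, expected) {
  try { verifyRs256(token, publicKey, expected); return 'accepted'; } catch (e) { return e.message; }
}

function demo() {
  // Throwaway key pairs (constructed): `idp` stands in for the token issuer.
  const idp = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const expected = { audience: '{UUID}', issuer: 'https://sts.windows.net/{UUID}' };
  const exp = Math.floor(Date.now() / 1000) + 300;
  const claims = { aud: expected.audience, iss: expected.issuer, exp };
  return {
    good: outcome(signForDemo(claims, idp.privateKey), idp.publicKey, expected),
    wrongAudience: outcome(signForDemo({ ...claims, aud: 'other-api' }, idp.privateKey), idp.publicKey, expected),
    forged: outcome(signForDemo(claims, other.privateKey), idp.publicKey, expected),
    expired: outcome(signForDemo({ ...claims, exp: exp - 600 }, idp.privateKey), idp.publicKey, expected),
  };
}

console.log(demo());
```

Only the issuer's public key appears on the verifying side; the private key is used here solely to construct test tokens.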

Source: https://habr.com/ru/post/1259756/