azure-active-directory
An implementation of the Azure Active Directory OAuth 2.0 flow.
This package is forked from the original djluck/azure-active-directory.
Usage
Single Tenant
If you are using this package for a single tenant (i.e. only your organization) you just need to add the following service configuration.

```js
// Server side: register the Azure AD service configuration once (e.g. in a startup file).
// Replace the placeholder values with your own tenant's details.
// Meteor's service-configuration package exposes the collection as
// ServiceConfiguration.configurations (plural).
ServiceConfiguration.configurations.insert({
  "_id": "_id",                       // optional; Meteor generates an id if omitted
  "service": "azureAd",
  "clientId": "client_id",            // application (client) id of your Azure AD app
  "secret": "secret_key",             // client secret; keep it server-side only
  "tenantId": "tenant_id",
  "loginStyle": "popup or redirect",  // choose one: "popup" or "redirect"
})
```
Then, make sure to have this information on the client and log in with Meteor.loginWithAzure.
Multitenant
If you want to use it for multiple organizations, you need to implement it in the following way:
- Create a collection to store the configurations for each domain.
- Publish to the client the configuration you want.
- Overwrite `OAuth._stateParam` to accept additional things to add to the state (like `tenantId`).
- Call `loginWithAzure({ config: { ...configHere } })`.
- On the server, overwrite `AzureAd.getConfiguration({ tenantId, state })`, where in this case `tenantId` will be null.
- Then you need to decode the base64 `state` string and get the `tenantId` from it.
Example:
```js
AzureAd.getConfiguration = ({ tenantId, state: stateBase64 }) => {
  try {
    // On the server tenantId is null, so recover it from the base64-encoded
    // state that was built on the client by the OAuth._stateParam override.
    let tenantIdFromState;
    if (!tenantId) {
      const decodedString = Buffer.from(stateBase64, 'base64').toString('utf-8');
      ({ tenantId: tenantIdFromState } = JSON.parse(decodedString));
    }
    const config = SSOConfigs.findOne({ tenant_id: tenantId || tenantIdFromState });
    if (!config) {
      throw new Error(`No SSO configuration for tenant ${tenantId || tenantIdFromState}`);
    }

    return {
      ...config,
      tenantId: config.tenant_id,
      tenant: config.tenant_id,
      clientId: config.client_id,
    };
  } catch (e) {
    console.error('ERROR DECODING SSO STATE');
    throw e;
  }
};
```
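The two halves of the multitenant flow above (putting the tenantId into the state on the client, then reading it back and resolving the configuration on the server) as one stand-alone example. This is added here and is not code from the package: `buildStateParam` mirrors the shape Meteor's `OAuth._stateParam` produces (base64 of a JSON object with `loginStyle`, `credentialToken` and `redirectUrl`), and the `SSOConfigs` Map is a constructed stand-in for the collection from step 1.

```javascript
// Constructed stand-in for the SSOConfigs collection (one document per tenant).
const SSOConfigs = new Map([
  ['tenant-a', { tenant_id: 'tenant-a', client_id: 'client-a', secret: 's-a' }],
]);

// Client side: what an OAuth._stateParam override would return, with extra
// fields (here tenantId) merged into the state before base64 encoding.
function buildStateParam(loginStyle, credentialToken, redirectUrl, extra = {}) {
  if (!['popup', 'redirect'].includes(loginStyle)) throw new Error('bad loginStyle');
  const state = { loginStyle, credentialToken, redirectUrl, ...extra };
  return Buffer.from(JSON.stringify(state), 'utf-8').toString('base64');
}

// Server side: the state comes back from the browser via the OAuth redirect,
// so every field in it is untrusted input and must be validated before use.
function parseState(stateBase64) {
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(String(stateBase64), 'base64').toString('utf-8'));
  } catch (e) {
    throw new Error('invalid SSO state');
  }
  if (!parsed || typeof parsed !== 'object' || typeof parsed.credentialToken !== 'string') {
    throw new Error('invalid SSO state');
  }
  return parsed;
}

// Equivalent of the AzureAd.getConfiguration override: tenantId is null on the
// server, so it is taken from the state, checked against an allowlist pattern,
// and only a tenant that actually has a stored configuration is accepted.
function getConfiguration({ tenantId, state }) {
  const id = tenantId || parseState(state).tenantId;
  if (typeof id !== 'string' || !/^[A-Za-z0-9.-]+$/.test(id)) throw new Error('invalid tenantId');
  const config = SSOConfigs.get(id);
  if (!config) throw new Error(`no SSO configuration for tenant ${id}`);
  return { ...config, tenantId: config.tenant_id, tenant: config.tenant_id, clientId: config.client_id };
}
```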