Login user with email password via REST API with Azure AD and MSAL
I have a scenario where I have a react native app and a nodejs server. I need to authenticate users with Azure AD. I first thought of social auth using auth providers like Clerk, Appwrite, Supabase, Firebase, etc, but decided to instead do this: user enters their email and password and it will be sent to the backend nodejs api. This API will then use MSAL (or something better if we have it), and authenticate that user against the university's Azure AD and then send a token back to the RN app. When RN app hits the /getStudentData endpoint, it will validate the token and fetch the student's data from the database.
I couldn't find the exact docs or tutorial I was looking for. Does anyone have any experience with something like this? I need to protect my API routes with MSAL but also have the ability to signin user with email and pwd. Is this a good architecture? Any recommendations for me? Thanks.
Note that: If you want to use email and password to login or authenticate the user, you can make use of
acquireTokenByUsernamePasswordmethod.
- But
acquireTokenByUsernamePasswordis not recommended by Microsoft for security reasons. - Personal accounts or MFA enabled user accounts are not supported in ROPC flow.
- Hence, you can also make use of
acquireTokenByCode()method to authenticate the user.
Create an Azure AD application and grant API permissions based on your requirement:
Generated access token using below parameters via Postman:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
grant_type:password
scope:api://xxx/test.read
username:user@xxx.onmicrosoft.com
password:***
client_id:ClientID
To do the same in msal-node, use the below code:
const msal = require("@azure/msal-node");
const msalConfig = {
auth: {
clientId: "ClientID",
authority: "Authority",
}
};
const pca = new msal.PublicClientApplication(msalConfig);
const usernamePasswordRequest = {
scopes: ["scope"],
username: "username",
password: "***",
};
pca.acquireTokenByUsernamePassword(usernamePasswordRequest).then((response) => {
console.log("acquired token by password grant");
}).catch((error) => {
console.log(error);
});
Otherwise make use of acquireTokenByCode() by referring this MsDoc.
- I want to install the "n" package and I get an error
- n <version> command does not activate specified version
- Change n install location
- How to install a specific version of Node on Ubuntu/Debian?
- Different node version for different projects, is there a way of telling node which version to use?
- Install Node.js to install n to install Node.js?
- How to select the latest node.js v6 version using n?
- n-install: ERROR: GNU Make not found, which is required for operation
- How to downgrade Node version with n
- how switch to previous version in n (Node version manager)?
- Automatically use the right version of Node for a package
- internal/modules/cjs/loader.js:905 -> throw err;
- Why doesn't "n" downgrade my node version on a Mac?
- Node version manager
- n failed to install/switch node in Linux?
- vue command not found on Mac
- How to uninstall n and all node versions installed by n
- Angular CLI on HTTPS - can't install CI as root
- n (node version manager): cannot create directory
- npm module n emits errors
- How to update npm permanently?
- Cannot change nodejs version using n
- upgrade nodejs to stable version
- How should I install and use multiple versions of Node on the same production machine?