Completed add auth step

Author: jasonjoh

demo/graph-tutorial/.env.example

@@ -0,0 +1,5 @@
+OAUTH_APP_ID=YOUR_APP_ID_HERE
+OAUTH_APP_SECRET=YOUR_APP_SECRET_HERE
+OAUTH_REDIRECT_URI=http://localhost:3000/auth/callback
+OAUTH_SCOPES='user.read,calendars.read'
+OAUTH_AUTHORITY=https://login.microsoftonline.com/common/

demo/graph-tutorial/app.js

@@ -1,16 +1,50 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
 var createError = require('http-errors');
 var express = require('express');
 var path = require('path');
 var cookieParser = require('cookie-parser');
 var logger = require('morgan');
-var session = require('express-session');
-var flash = require('connect-flash');
+const session = require('express-session');
+const flash = require('connect-flash');
+const msal = require('@azure/msal-node');
+require('dotenv').config();
 
 var indexRouter = require('./routes/index');
 var usersRouter = require('./routes/users');
+var authRouter = require('./routes/auth');
 
 var app = express();
 
+// <MsalInitSnippet>
+// In-memory storage of logged-in users
+// For demo purposes only, production apps should store
+// this in a reliable storage
+app.locals.users = {};
+
+// MSAL config
+const msalConfig = {
+  auth: {
+    clientId: process.env.OAUTH_APP_ID,
+    authority: process.env.OAUTH_AUTHORITY,
+    clientSecret: process.env.OAUTH_APP_SECRET
+  },
+  system: {
+    loggerOptions: {
+      loggerCallback(loglevel, message, containsPii) {
+        console.log(message);
+      },
+      piiLoggingEnabled: false,
+      logLevel: msal.LogLevel.Verbose,
+    }
+  }
+};
+
+// Create msal application object
+app.locals.msalClient = new msal.ConfidentialClientApplication(msalConfig);
+// </MsalInitSnippet>
+
 // <SessionSnippet>
 // Session middleware
 // NOTE: Uses default in-memory session store, which is not
@@ -38,6 +72,12 @@ app.use(function(req, res, next) {
     res.locals.error.push({message: 'An error occurred', debug: errs[i]});
   }
 
+  // Check for an authenticated user and load
+  // into response locals
+  if (req.session.userId) {
+    res.locals.user = app.locals.users[req.session.userId];
+  }
+
   next();
 });
 // </SessionSnippet>
@@ -53,6 +93,7 @@ app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 
 app.use('/', indexRouter);
+app.use('/auth', authRouter);
 app.use('/users', usersRouter);
 
 // catch 404 and forward to error handler

demo/graph-tutorial/graph.js

@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+var graph = require('@microsoft/microsoft-graph-client');
+require('isomorphic-fetch');
+
+module.exports = {
+  getUserDetails: async function(accessToken) {
+    const client = getAuthenticatedClient(accessToken);
+
+    const user = await client
+      .api('/me')
+      .select('displayName,mail,userPrincipalName')
+      .get();
+    return user;
+  }
+};
+
+function getAuthenticatedClient(accessToken) {
+  // Initialize Graph client
+  const client = graph.Client.init({
+    // Use the provided access token to authenticate
+    // requests
+    authProvider: (done) => {
+      done(null, accessToken);
+    }
+  });
+
+  return client;
+}

demo/graph-tutorial/package-lock.json

@@ -13,11 +13,13 @@
     "debug": "^4.1.1",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
+    "express-promise-router": "^4.0.1",
     "express-session": "^1.17.1",
     "hbs": "^4.1.1",
     "http-errors": "^1.8.0",
     "isomorphic-fetch": "^2.2.1",
     "moment": "^2.28.0",
-    "morgan": "^1.10.0"
+    "morgan": "^1.10.0",
+    "uuid": "^8.3.0"
   }
 }

demo/graph-tutorial/package.json

@@ -0,0 +1,92 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+const router = require('express-promise-router')();
+const graph = require('../graph');
+
+/* GET auth callback. */
+router.get('/signin',
+  async function (req, res) {
+    const urlParameters = {
+      scopes: process.env.OAUTH_SCOPES.split(','),
+      redirectUri: process.env.OAUTH_REDIRECT_URI
+    };
+
+    try {
+      const authUrl = await req.app.locals
+        .msalClient.getAuthCodeUrl(urlParameters);
+      res.redirect(authUrl);
+    }
+    catch (error) {
+      console.log(`Error: ${error}`);
+      req.flash('error_msg', {
+        message: 'Error getting auth URL',
+        debug: JSON.stringify(error)
+      });
+      res.redirect('/');
+    }
+  }
+);
+
+// <CallbackSnippet>
+router.get('/callback',
+  async function(req, res) {
+    const tokenRequest = {
+      code: req.query.code,
+      scopes: process.env.OAUTH_SCOPES.split(','),
+      redirectUri: process.env.OAUTH_REDIRECT_URI
+    };
+
+    try {
+      const response = await req.app.locals
+        .msalClient.acquireTokenByCode(tokenRequest);
+
+      // Save the user's homeAccountId in their session
+      req.session.userId = response.account.homeAccountId;
+
+      const user = await graph.getUserDetails(response.accessToken);
+
+      // Add the user to user storage
+      req.app.locals.users[req.session.userId] = {
+        displayName: user.displayName,
+        email: user.mail || user.userPrincipalName
+      };
+    } catch(error) {
+      req.flash('error_msg', {
+        message: 'Error completing authentication',
+        debug: JSON.stringify(error)
+      });
+    }
+
+    res.redirect('/');
+  }
+);
+// </CallbackSnippet>
+
+router.get('/signout',
+  function(req, res) {
+    // Sign out
+    if (req.session.userId) {
+      // Look up the user's account in the cache
+      const accounts = req.app.locals.msalClient
+        .getTokenCache()
+        .getAllAccounts();
+
+      const userAccount = accounts.find(a => a.homeAccountId === req.session.userId);
+
+      // Remove the account
+      if (userAccount) {
+        req.app.locals.msalClient
+          .getTokenCache()
+          .removeAccount(userAccount);
+      }
+    }
+
+    // Destroy the user's session
+    req.session.destroy(function (err) {
+      res.redirect('/');
+    });
+  }
+);
+
+module.exports = router;

demo/graph-tutorial/routes/auth.js

@@ -44,7 +44,9 @@ Before moving on, install some additional packages that you will use later:
 - [moment](https://github.com/moment/moment/) for formatting date/time values.
 - [connect-flash](https://github.com/jaredhanson/connect-flash) to flash error messages in the app.
 - [express-session](https://github.com/expressjs/session) to store values in an in-memory server-side session.
+- [express-promise-router](https://github.com/express-promise-router/express-promise-router) to allow route handlers to return a Promise.
 - [msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node) for authenticating and getting access tokens.
+- [uuid](https://github.com/uuidjs/uuid) used by msal-node to generate GUIDs.
 - [microsoft-graph-client](https://github.com/microsoftgraph/msgraph-sdk-javascript) for making calls to Microsoft Graph.
 - [isomorphic-fetch](https://github.com/matthew-andrews/isomorphic-fetch) to polyfill the fetch for Node. A fetch polyfill is required for the `microsoft-graph-client` library. See the [Microsoft Graph JavaScript client library wiki](https://github.com/microsoftgraph/msgraph-sdk-javascript/wiki/Migration-from-1.x.x-to-2.x.x#polyfill-only-when-required) for more information.
 
@@ -71,8 +73,9 @@ Before moving on, install some additional packages that you will use later:
 1. Update the application to use the `connect-flash` and `express-session` middleware. Open the `./app.js` file and add the following `require` statement to the top of the file.
 
     ```javascript
-    var session = require('express-session');
-    var flash = require('connect-flash');
+    const session = require('express-session');
+    const flash = require('connect-flash');
+    const msal = require('@azure/msal-node');
     ```
 
 1. Add the following code immediately after the `var app = express();` line.