Comments (2)
I think I answered my own question...
- It looks like tokens that are used to access the MS Graph API do not include any custom scopes.
- Custom APIs require the token to include the scope defined in the API application.
Therefore two tokens are required in that scenario.
For now, I solved it by using the @azure/msal library to get an apiAccessToken in the server/routes/auth/microsoft.get.ts call:
```ts
import * as msal from '@azure/msal-node'

// Redeem the refresh token from the login flow for a second access token
// whose scope is the custom API's `access_as_user` scope.
async function acquireAPITokenByRefreshToken(refreshToken) {
  const authority = `https://login.microsoftonline.com/${process.env.NUXT_OAUTH_MICROSOFT_TENANT}`
  const config = {
    auth: {
      clientId: process.env.NUXT_OAUTH_MICROSOFT_CLIENT_ID || '',
      authority,
      clientSecret: process.env.NUXT_OAUTH_MICROSOFT_CLIENT_SECRET || '',
      knownAuthorities: [authority],
    },
    system: {
      loggerOptions: {
        loggerCallback(loglevel, message, containsPii) {
          console.log(message)
        },
        piiLoggingEnabled: false,
        logLevel: msal.LogLevel.Error,
      },
    },
  }
  const cca = new msal.ConfidentialClientApplication(config)
  // On failure the error is logged and the promise resolves to undefined,
  // which the caller handles with optional chaining.
  return cca.acquireTokenByRefreshToken({
    scopes: [`api://${process.env.NUXT_OAUTH_MICROSOFT_CLIENT_ID}/access_as_user`],
    refreshToken,
  }).catch((err) => console.log(err))
}

// oauth, setUserSession and sendRedirect are auto-imported by nuxt-auth-utils / Nitro.
export default oauth.microsoftEventHandler({
  config: {
    // `offline_access` is what makes the provider return a refresh token.
    scope: ['openid', 'offline_access', 'profile', 'User.Read'], // USE AN ARRAY FOR YOUR SCOPES
  },
  async onSuccess(event, { user, tokens }) {
    const apiAccessDetails = await acquireAPITokenByRefreshToken(tokens.refresh_token)
    await setUserSession(event, {
      user,
      loggedInAt: Date.now(),
      graphAccessToken: tokens.access_token, // token for MS Graph
      apiAccessToken: apiAccessDetails?.accessToken, // token for the custom API
    })
    console.log('User logged in')
    return sendRedirect(event, '/')
  },
})
```
Any suggestions on how to implement this more cleanly would be appreciated.
from nuxt-auth-utils.
Your solution looks good to me.
from nuxt-auth-utils.
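The two-token point from the first comment, as an added example that is not part of the original thread or of nuxt-auth-utils: it decodes the `aud` and `scp` claims of an access token to show which resource the token was issued for and whether it carries the custom API scope. The function names, `CLIENT_ID` and the sample tokens are constructed for illustration; the tokens are unsigned, and decoding like this is a debugging aid, not validation.

```javascript
// Added example. Inspection only: decodeClaims() does NOT verify the signature,
// so it must never be used to authorize a request.
const CLIENT_ID = '11111111-2222-3333-4444-555555555555' // constructed placeholder
// Audience values Microsoft Graph tokens carry (app ID GUID or resource URI).
const GRAPH_AUDIENCES = ['00000003-0000-0000-c000-000000000000', 'https://graph.microsoft.com']

// Decode the payload segment of a compact JWT (header.payload.signature).
function decodeClaims(jwt) {
  const parts = String(jwt).split('.')
  if (parts.length !== 3) throw new Error('not a compact JWT')
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
}

// Classify a token by audience and report whether it carries the custom API scope.
function classifyToken(jwt, clientId, requiredScope = 'access_as_user') {
  const { aud, scp } = decodeClaims(jwt)
  const audiences = [].concat(aud ?? []) // tolerate string or array `aud`
  const scopes = typeof scp === 'string' ? scp.split(' ').filter(Boolean) : []
  // v1.0 tokens carry the App ID URI as `aud`, v2.0 tokens carry the client ID.
  const apiAudiences = [clientId, `api://${clientId}`]
  let target = 'other'
  if (audiences.some((a) => GRAPH_AUDIENCES.includes(a))) target = 'graph'
  else if (audiences.some((a) => apiAudiences.includes(a))) target = 'custom-api'
  return { target, scopes, usableForApi: target === 'custom-api' && scopes.includes(requiredScope) }
}

// Build an unsigned sample token (constructed data; the signature is a dummy string).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url')
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.dummy-signature`
}

// What the login flow returns: a Graph token with no custom scope.
const graphToken = makeSampleToken({ aud: GRAPH_AUDIENCES[0], scp: 'openid profile User.Read' })
// What the refresh-token exchange returns: a token scoped to the custom API.
const apiToken = makeSampleToken({ aud: `api://${CLIENT_ID}`, scp: 'access_as_user' })

console.log(classifyToken(graphToken, CLIENT_ID)) // target: 'graph', usableForApi: false
console.log(classifyToken(apiToken, CLIENT_ID)) // target: 'custom-api', usableForApi: true
```

The custom API itself still has to verify the token's signature, issuer and audience before trusting any of these claims.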