Hey @djluck, I think the userPrincipleName keyword in AzureAd.whitelistedFields should actually be userPrincipalName. I realized this after examining the graphUser object.

Update: This typo is also found in here and here.

Is there a way to respect scope/permissions requests passed by the application via options.requestPermissions?

For instance, in this google login example, the "scope" URL argument is passed to the dialog, asking for additional permissions from the end user: https://github.com/meteor/meteor/blob/devel/packages/google/google_client.js#L29

Is this possible in azureAd? Does combining request scopes into a URL element -- as in the google example -- work for azure oauth login?

https://github.com/djluck/azure-active-directory/blame/master/lib/serverHttp.js#L18

The response that you get from HTTP data contains the following attributes:

statusCode Number
    Numeric HTTP result status code, or null on error.
content String
    The body of the HTTP response as a string.
data Object or null
    If the response headers indicate JSON content, this contains the body of the document parsed as a
    JSON object.
headers Object
    A dictionary of HTTP headers from the response. 

When adding a resource for the Onenote API and try to get page content, the content is not returned as JSON, but as a string of HTML. This means that response.data is null and the request throws an exception. 🎉 TypeError: Cannot read property 'error' of null

https://docs.meteor.com/api/http.html

https://github.com/djluck/azure-active-directory/blob/master/azure_ad_server.js#L34-L39

Hey @djluck I don't believe it's correct to set the email address here (no core accounts packages do this).

Normally token needs to be validated to verify the data came from Azure. How does this package achieve this?

Thanks!

Hi @djluck, thank you for creating this cool package 👍
I just have one minor concern...Should we put onCreateUsers [https://github.com/djluck/azure-active-directory/blob/master/azure_ad_server.js#L5] to package? IMO, onCreateUsers can be called only once so it will be a limitation if we want not only azure sso but also facebook, twitter...