In this exercise we will explore authn and authz frameworks.
Our app lists the contents of your inbox. A web page is presented; when "show inbox" is selected, the app triggers an OAuth 2.0 authorization code grant flow and then lists the contents of the inbox. This version of the app uses the Microsoft Authentication Library (MSAL) for Node.js.
- Exploring frameworks for OAuth2
- Preparing the development environment
- Exploring the code
- Running the application
- Security considerations
- Lines of code - dependency scanning (🥸)
Node.js based backend, simple HTML front end. SSO using OAuth 2.0 with Microsoft Entra ID: the browser is redirected to Entra ID, the user signs in there, and the backend exchanges the returned authorization code for tokens, so the client secret never reaches the browser.
Important NodeJS modules
- Fastify - web server framework
- Handlebars - templating language
- Got - HTTP request library
- Pino - Node.js logger
- Tap - Test framework for JS
- Sinon - Test spies, stubs and mocks for JS
- MSAL for Node - Microsoft Authentication Library for Node.js
```bash
npm install
npm test
```
The app expects the following environment variables to be set in the shell that starts it. `REDIRECT_URI` must be exactly the redirect URI registered for the app in Entra ID (the identity provider compares it literally), and `CLIENT_SECRET` must never be committed to the repository or written to logs.

```bash
export NODE_ENV=production
export CLIENT_SECRET=""
export CLIENT_ID=""
export TENANT_ID=""
export PORT=3000
export REDIRECT_URI=https://...../callback
npm start
```
- npm test (execute unit tests)
- npm run test-cover (run, reload on changes, show coverage)
- npm run dev (run server, reload on changes)
- npm run snyk (scan for open source vulnerabilities)
To keep modules updated:
- npm outdated (list outdated modules)
- npm upgrade (update modules within the semver ranges in package.json, typically minor and patch versions)
- npm install <module>@latest (move a module to its latest version, including a new major version)
(remember to verify and run the tests before a major version update, and in fact after any update)