Merge pull request #111 from 4gust/main

Updating the sample application for updating profile through MFA

Author: kengaderdus

1-Authentication/7-sign-in-express-mfa/Api/authConfig.js

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+
+require("dotenv").config({ path: ".env.dev" });
+
+const TENANT_SUBDOMAIN =
+  process.env.TENANT_SUBDOMAIN || "Enter_the_Tenant_Subdomain_Here";
+const TENANT_ID = process.env.TENANT_ID || "Enter_the_Tenant_ID_Here";
+const REDIRECT_URI =
+  process.env.REDIRECT_URI || "http://localhost:3000/auth/redirect";
+const POST_LOGOUT_REDIRECT_URI =
+  process.env.POST_LOGOUT_REDIRECT_URI || "http://localhost:3000";
+
+/**
+ * Configuration object to be passed to MSAL instance on creation.
+ * For a full list of MSAL Node configuration parameters, visit:
+ * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/configuration.md
+ */
+const msalConfig = {
+  auth: {
+    clientId:
+      process.env.CLIENT_ID ||
+      "Enter_the_Edit_Profile_Service_Application_Id_Here", // 'Application (client) ID' of the Edit_Profile Service App registration in Microsoft Entra admin center - this value is a GUID
+    authority:
+      process.env.AUTHORITY || `https://${TENANT_SUBDOMAIN}.ciamlogin.com/`, // Replace the placeholder with your external tenant name
+    clientSecret: process.env.CLIENT_SECRET || "Enter_the_Client_Secret_Here", // Client secret generated from the app registration in Microsoft Entra admin center
+  },
+  system: {
+    loggerOptions: {
+      loggerCallback(loglevel, message, containsPii) {
+        console.log(message);
+      },
+      piiLoggingEnabled: false,
+      logLevel: "Info",
+    },
+  },
+};
+
+const GRAPH_API_ENDPOINT = process.env.GRAPH_API_ENDPOINT || "graph_end_point";
+// Refers to the user that is single user singed in.
+// https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http
+const GRAPH_ME_ENDPOINT = GRAPH_API_ENDPOINT + "v1.0/me";
+
+module.exports = {
+  msalConfig,
+  REDIRECT_URI,
+  POST_LOGOUT_REDIRECT_URI,
+  TENANT_SUBDOMAIN,
+  GRAPH_API_ENDPOINT,
+  GRAPH_ME_ENDPOINT,
+  TENANT_ID,
+};

1-Authentication/7-sign-in-express-mfa/Api/fetch.js

@@ -0,0 +1,32 @@
+var axios = require("axios");
+
+/**
+ * Makes an Authorization "Bearer" request with the given accessToken to the given endpoint.
+ * @param endpoint
+ * @param accessToken
+ * @param method
+ */
+const fetch = async (endpoint, accessToken, method = "GET", data = null) => {
+  const options = {
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+    },
+  };
+  console.log(`request made to ${endpoint} at: ` + new Date().toString());
+
+  switch (method) {
+    case "GET":
+      const response = await axios.get(endpoint, options);
+      return await response.data;
+    case "POST":
+      return await axios.post(endpoint, data, options);
+    case "DELETE":
+      return await axios.delete(endpoint + `/${data}`, options);
+    case "PATCH":
+      return await axios.patch(endpoint, (ReqBody = data), options);
+    default:
+      return null;
+  }
+};
+
+module.exports = { fetch };

1-Authentication/7-sign-in-express-mfa/Api/index.js

@@ -0,0 +1,65 @@
+// Import necessary modules
+const express = require("express");
+const msal = require("@azure/msal-node");
+const app = express();
+const port = 3001;
+const { v4: uuidv4 } = require("uuid");
+const {
+  msalConfig,
+  GRAPH_ME_ENDPOINT,
+  TENANT_SUBDOMAIN,
+  TENANT_ID,
+} = require("./authConfig");
+
+var { fetch } = require("./fetch");
+
+// Middleware to parse incoming JSON requests
+app.use(express.json());
+
+const cca = new msal.ConfidentialClientApplication(msalConfig);
+
+// Function to acquire token using client credentials
+async function getAccessToken(tokenRequest) {
+  try {
+    const response = await cca.acquireTokenOnBehalfOf(tokenRequest);
+    return response.accessToken;
+  } catch (error) {
+    console.error("Error acquiring token:", error);
+    throw error;
+  }
+}
+
+// Define the updateUserInfo endpoint
+app.post("/updateUserInfo", async (req, res) => {
+  try {
+    const tokenRequest = {
+      oboAssertion: req.headers.authorization.replace("Bearer ", ""),
+      authority: `https://${TENANT_SUBDOMAIN}.ciamlogin.com/${TENANT_ID}`,
+      scopes: ["User.ReadWrite"],
+      correlationId: `${uuidv4()}`,
+    };
+
+    let accessToken = await getAccessToken(tokenRequest);
+    fetch(GRAPH_ME_ENDPOINT, accessToken, "PATCH", req.body)
+      .then((response) => {
+        if (response.status === 204) {
+          res.status(response.status);
+          res.json({ message: "Success" });
+        } else {
+          res.status(502);
+          res.json({ message: "Failed, " + response.body });
+        }
+      })
+      .catch((error) => {
+        res.status(502);
+        res.json({ message: "Failed, " + error });
+      });
+  } catch (err) {
+    res.json({ message: "Failed, " + err });
+  }
+});
+
+// Start the server
+app.listen(port, () => {
+  console.log(`Server is running on http://localhost:${port}`);
+});