[Feature] Add AAD Custom Auth Support & Setup Custom Auth Framework #878

Merged
merged 9 commits into from
Aug 13, 2024
41 changes: 41 additions & 0 deletions src/core/constants.ts
Expand Up @@ -49,6 +49,47 @@ export const SWA_AUTH_CONTEXT_COOKIE = `StaticWebAppsAuthContextCookie`;
export const SWA_AUTH_COOKIE = `StaticWebAppsAuthCookie`;
export const ALLOWED_HTTP_METHODS_FOR_STATIC_CONTENT = ["GET", "HEAD", "OPTIONS"];

// Custom Auth constants
export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad", "dummy"];
/*
The full name is required in staticwebapp.config.json's schema that will be normalized to aad
https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad%2Cinvitations
*/
export const ENTRAID_FULL_NAME = "azureActiveDirectory";
export const CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
google: {
host: "oauth2.googleapis.com",
path: "/token",
},
github: {
host: "github.com",
path: "/login/oauth/access_token",
},
aad: {
host: "login.microsoftonline.com",
path: "/tenantId/oauth2/v2.0/token",
},
};
export const CUSTOM_AUTH_USER_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
google: {
host: "www.googleapis.com",
path: "/oauth2/v2/userinfo",
},
github: {
host: "api.github.com",
path: "/user",
},
aad: {
host: "graph.microsoft.com",
path: "/oidc/userinfo",
},
};
export const CUSTOM_AUTH_ISS_MAPPING: AuthIdentityIssHosts = {
google: "https://account.google.com",
github: "",
aad: "https://graph.microsoft.com",
};

export const AUTH_STATUS = {
NoAuth: 0,
HostNameAuthLogin: 1,
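Review bot: `CUSTOM_AUTH_ISS_MAPPING.google` is set to `https://account.google.com`, but the issuer Google places in its ID tokens is `https://accounts.google.com` (plural), so an `iss` comparison against this constant will reject valid Google tokens or, if the comparison is loosened to compensate, stop being a real check; change it to `google: "https://accounts.google.com"`. `SUPPORTED_CUSTOM_AUTH_PROVIDERS` lists four providers while the three mappings below only carry `google`, `github` and `aad`, so a lookup such as `CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING[provider]` for `dummy` yields `undefined` unless the consumer guards it — worth a comment on the list, e.g. `// "dummy" has no endpoint/issuer entries below; consumers must handle a missing mapping`. The empty `github: ""` issuer should likewise be treated by the consumer as "no issuer check" rather than compared, since a `startsWith`/`includes` check against an empty string passes for any value, and the `aad` token path hard-codes the literal segment `/tenantId/`, which presumably is substituted at runtime — a comment saying so would help. The `aad` issuer value `https://graph.microsoft.com` looks like a resource/audience host rather than a token issuer; if this mapping is used to validate `iss`, confirm the expected value against the Entra ID token the callback actually receives.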
15 changes: 9 additions & 6 deletions src/msha/auth/index.ts
Expand Up @@ -2,27 +2,30 @@ import type http from "node:http";
import { serializeCookie } from "../../core/utils/cookie.js";
import { logger } from "../../core/utils/logger.js";
import { response as newResponse } from "../../core/utils/net.js";
import { SUPPORTED_CUSTOM_AUTH_PROVIDERS } from "../../core/constants.js";

function getAuthPaths(isCustomAuth: boolean): Path[] {
const paths: Path[] = [];

if (isCustomAuth) {
const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.join("|");

paths.push({
method: "GET",
// only match for providers with custom auth support implemented (github, google)
route: /^\/\.auth\/login\/(?<provider>github|google|dummy)\/callback(\?.*)?$/i,
// only match for providers with custom auth support implemented (github, google, aad)
route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})/callback(\\?.*)?$`, "i"),
function: "auth-login-provider-callback",
});
paths.push({
method: "GET",
// only match for providers with custom auth support implemented (github, google)
route: /^\/\.auth\/login\/(?<provider>github|google|dummy)(\?.*)?$/i,
// only match for providers with custom auth support implemented (github, google, aad)
route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})(\\?.*)?$`, "i"),
function: "auth-login-provider-custom",
});
paths.push({
method: "GET",
// For providers with custom auth support not implemented, revert to old behavior
route: /^\/\.auth\/login\/(?<provider>aad|twitter|facebook|[a-z]+)(\?.*)?$/i,
route: /^\/\.auth\/login\/(?<provider>twitter|facebook|[a-z]+)(\?.*)?$/i,
function: "auth-login-provider",
});
paths.push({
Expand All @@ -33,7 +36,7 @@ function getAuthPaths(isCustomAuth: boolean): Path[] {
} else {
paths.push({
method: "GET",
route: /^\/\.auth\/login\/(?<provider>aad|github|twitter|google|facebook|[a-z]+)(\?.*)?$/i,
route: /^\/\.auth\/login\/(?<provider>github|twitter|google|facebook|[a-z]+)(\?.*)?$/i,
function: "auth-login-provider",
});
}
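Review bot: The fallback route on the new side (`route: /^\/\.auth\/login\/(?<provider>twitter|facebook|[a-z]+)(\?.*)?$/i`, and its twin in the `else` branch) still matches `aad`, `github` and `google` through `[a-z]+`, so dropping `aad` from the alternation changes nothing and the comment `For providers with custom auth support not implemented` holds only if the route table is matched in insertion order — presumably it is, but that should be stated, e.g. `// relies on the custom-auth routes above being tried first; [a-z]+ also matches the supported providers`. Interpolating `SUPPORTED_CUSTOM_AUTH_PROVIDERS.join("|")` straight into `new RegExp(...)` is safe for the current plain-word entries but will silently change the route if a future entry contains a regex metacharacter; escaping keeps the constant a plain list: `const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.map((p) => p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|");`. The two comments `only match for providers with custom auth support implemented (github, google, aad)` now duplicate the list (and omit `dummy`); pointing at the constant instead avoids drift. getAuthPaths's body continues between the two hunks.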