revise configs

Author: derisen

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 10/01/2020
+
+* Token validation logic revised.
+
 ## 08/05/2020
 
 * Added issue & PR templates.

README.md

@@ -49,7 +49,6 @@ You will need a **client** application for calling the Web API. Choose:
 |:---------------------|:----------------------------------------------------------|
 | `.gitignore`         | Defines what to ignore at commit time.                    |
 | `CHANGELOG.md`       | List of changes to the sample.                            |
-| `CODE_OF_CONDUCT.md` | Code of Conduct information.                              |
 | `config.js`          | Contains configuration parameters for the sample.         |
 | `CONTRIBUTING.md`    | Guidelines for contributing to the sample.                |
 | `index.js`           | Main application logic resides here.                      |
@@ -142,7 +141,7 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi
 
 > In the steps below, "ClientID" is the same as "Application ID" or "AppId".
 
-1. Open the `auth.json` file.
+1. Open the `config.json` file.
 1. Find the key `clientID` and replace the existing value with the application ID (clientId) of the `active-directory-b2c-javascript-nodejs-webapi` application copied from the Azure portal.
 1. Find the key `tenantID` and replace the existing value with your Azure AD tenant ID.
 1. Find the key `audience` and replace the existing value with the application ID (clientId) of the `active-directory-b2c-javascript-nodejs-webapi` application copied from the Azure portal.

auth.json

@@ -0,0 +1,25 @@
+{
+    "credentials": {
+        "tenantID": "Enter_the_Tenant_ID",
+        "clientID": "93733604-cc77-4a3c-a604-87084dd55348",
+        "audience": "93733604-cc77-4a3c-a604-87084dd55348"
+    },
+    "policies": {
+        "policyName": "B2C_1_SUSI"
+    },
+    "resource": {
+        "scope": ["demo.read"]
+    },
+    "metadata": {
+        "b2cDomain": "fabrikamb2c.b2clogin.com",
+        "authority": "login.microsoftonline.com",
+        "discovery": ".well-known/openid-configuration",
+        "version": "v2.0"
+    },
+    "settings": {
+        "isB2C": true,
+        "validateIssuer": false,
+        "passReqToCallback": false,
+        "loggingLevel": "info"
+    }
+}

config.json

@@ -1,20 +1,18 @@
-const express = require("express");
-const morgan = require("morgan");
-const passport = require("passport");
-const auth = require('./auth');
-const session = require('express-session');
+const express = require('express');
+const morgan = require('morgan');
+const passport = require('passport');
+const config = require('./config.json');
 
 const BearerStrategy = require('passport-azure-ad').BearerStrategy;
 
 const options = {
-    identityMetadata: "https://" + b2cDomainHost + "/" + tenantId + "/" + policyName + "/v2.0/.well-known/openid-configuration/",
-    clientID: clientID,
-    policyName: policyName,
-    isB2C: true,
-    validateIssuer: false,
-    loggingLevel: 'info',
-    loggingNoPII: false,
-    passReqToCallback: false
+    identityMetadata: `https://${config.metadata.b2cDomain}/${config.credentials.tenantID}/${config.policies.policyName}/${config.metadata.version}/${config.metadata.discovery}`,
+    clientID: config.credentials.clientID,
+    policyName: config.policies.policyName,
+    isB2C: config.settings.isB2C,
+    validateIssuer: config.settings.validateIssuer,
+    loggingLevel: config.settings.loggingLevel,
+    passReqToCallback: config.settings.passReqToCallback
 }
 
 const bearerStrategy = new BearerStrategy(options, (token, done) => {
@@ -26,21 +24,20 @@ const bearerStrategy = new BearerStrategy(options, (token, done) => {
 const app = express();
 
 app.use(morgan('dev'));
-app.use(session({ secret: 'randomly-generated_secret' }));
+
 app.use(passport.initialize());
-app.use(passport.session());
 
 passport.use(bearerStrategy);
 
-//enable CORS
+//enable CORS (for testing only -remove in production/deployment)
 app.use((req, res, next) => {
-    res.header("Access-Control-Allow-Origin", "*");
-    res.header("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, Content-Type, Accept");
+    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Headers', 'Authorization, Origin, X-Requested-With, Content-Type, Accept');
     next();
 });
 
 // API endpoint
-app.get("/hello",
+app.get('/hello',
     passport.authenticate('oauth-bearer', {session: false}),
     (req, res) => {
         console.log('Validated claims: ', req.authInfo);
@@ -53,5 +50,5 @@ app.get("/hello",
 const port = process.env.PORT || 5000;
 
 app.listen(port, () => {
-    console.log("Listening on port " + port);
+    console.log('Listening on port ' + port);
 });

index.js

@@ -13,7 +13,6 @@
   },
   "dependencies": {
     "express": "^4.14.0",
-    "express-session": "^1.17.1",
     "morgan": "^1.7.0",
     "passport": "^0.3.2",
     "passport-azure-ad": "^4.2.1"