npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

passport-outlook

v3.0.0

Published

Outlook REST API v2 authentication strategy for Passport.

Downloads

2,423

Readme

passport-outlook

Build Status

Passport strategy for authenticating with Outlook accounts (aka Windows Live) using the OAuth 2.0 API.

This module lets you authenticate using Outlook REST API v2 in your Node.js applications. By plugging into Passport, Outlook REST API v2 authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Unlike alternative modules, this package authenticates against the latest Outlook.com (Office 365) v2 endpoints as can be tested in their Outlook Dev Center OAuth Sandbox

Install

$ npm install --save passport-outlook

Usage

v3

There are no behavioural changes but as of v3 the minimum required NodeJS version is v10. This should not affect most users but is a breaking change nonetheless.

Upgrading for v2

If you were using the package before v2.0.0, please note that the profile JSON returned has been updated to match the normalized contact schema outlined by Passport and used by other strategies.

Therefore, you will need to update your application to match these modified JSON properties.

Create an Application

Before using passport-outlook, you must register an application with Microsoft. If you have not already done so, a new application can be created at the Application Registration Portal. Your application will be issued a client ID and client secret, which need to be provided to the strategy. You will also need to configure a redirect URL which matches the route in your application.

Configure Strategy

The Outlook REST API v2 authentication strategy authenticates users using an Outlook.com account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

passport.use(new OutlookStrategy({
    clientID: OUTLOOK_CLIENT_ID,
    clientSecret: OUTLOOK_CLIENT_SECRET,
    callbackURL: 'http://www.example.com/auth/outlook/callback'
  },
  function(accessToken, refreshToken, profile, done) {
    var user = {
      outlookId: profile.id,
      name: profile.DisplayName,
      email: profile.EmailAddress,
      accessToken:  accessToken
    };
    if (refreshToken)
      user.refreshToken = refreshToken;
    if (profile.MailboxGuid)
      user.mailboxGuid = profile.MailboxGuid;
    if (profile.Alias)
      user.alias = profile.Alias;
    User.findOrCreate(user, function (err, user) {
      return done(err, user);
    });
  }
));

Additional options are supported as part of the described implicit grant flow: prompt, login_hint & domain_hint.

Note: If you want to use the express request, you must use the option passReqToCallback: true, then Passport will send the request as the first parameter.

passport.use(new OutlookStrategy({
    clientID: OUTLOOK_CLIENT_ID,
    clientSecret: OUTLOOK_CLIENT_SECRET,
    callbackURL: 'http://www.example.com/auth/outlook/callback',
    passReqToCallback: true
  },
  function(req, accessToken, refreshToken, profile, done) {
    var user = {
      outlookId: profile.id,
      name: profile.DisplayName,
      email: profile.EmailAddress,
      accessToken:  accessToken
    };
    if (refreshToken)
      user.refreshToken = refreshToken;
    if (profile.MailboxGuid)
      user.mailboxGuid = profile.MailboxGuid;
    if (profile.Alias)
      user.alias = profile.Alias;
    User.findOrCreate(user, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'windowslive' (or custom named) strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/outlook',
  passport.authenticate('windowslive', {
    scope: [
      'openid',
      'profile',
      'offline_access',
      'https://outlook.office.com/Mail.Read'
    ]
  })
);

app.get('/auth/outlook/callback', 
  passport.authenticate('windowslive', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Note: REST API specific scopes you are using must be fully qualified to match the outlook domain, e.g: https://outlook.office.com/Mail.Read instead of Mail.Read This is very important, otherwise you will receive 401 responses.

'offline_access' is a required scope in order to obtain a refresh_token. More information is available in the MSDN Dev Center.

Customising endpoints

If you need to customise the URLs used by the strategy (such as connecting to the Microsoft Graph API instead of Office365 REST) this is possible by modifying the options passed to the strategy:

passport.use(new OutlookStrategy({
    clientID: OUTLOOK_CLIENT_ID,
    clientSecret: OUTLOOK_CLIENT_SECRET,
    callbackURL: 'http://www.example.com/auth/graph/callback',
    userProfileURL: 'https://graph.microsoft.com/v1.0/me?$select=userPrincipalName',
    name: 'msgraph'
  },
  function(accessToken, refreshToken, profile, done) {
     // Callback logic as per examples
  }
));

In the example above the strategy name is changeed from the default of 'windowslive' to 'msgraph' and the userProfileURL is changed to the correct Microsoft Graph API endpoint. If you make this change, please remember to use the appropriate scopes for the API.

Examples

For a complete, working example, refer to the login example.

Tests

Any system can run the test suite in development from the terminal.

$ npm install
$ npm test

Contributing

Tests

The test suite is located in the test/ directory. All new features are expected to have corresponding test cases. Ensure that the complete test suite passes by executing:

$ make test

Coverage

All new features are expected to have test coverage. Patches that increase test coverage are happily accepted. Coverage reports can be viewed by executing:

$ make test-cov
$ make view-cov

Credits

Additional Contributors

License

The MIT License

Copyright (c) 2015-2019 Nigel Horton