• Default app running local host on windows surface pro x using Visual Studio Code.
• Signs in correctly and allows me to create an event
• Calendar events do not come through at all. Every time the calendar page is refreshed, there are no events, even though there should be

Developer (Beginner)
31 minutes to complete

The video is 51:37 :)

In the "Add Azure AD authentication" page, the document has the following instructions:

Replace YOUR APP ID HERE with the application ID from the Application Registration Portal, and replace YOUR APP SECRET HERE with the password you generated.

This is confusing and not up to date with the current portal experience. In the portal, it shows as "Client Secret"

The environment variable should be renamed to CLIENT_SECRET and the description "YOU CLIENT SECRET HERE". This will require several changes in the code snippets.

When running npm install getting issues with dependencies of python. No mention of python in dependencies, just NPM 10+ req.

C:\Users\jerem\Downloads\msgraph-training-nodeexpressapp\graph-tutorial\node_modules\dtrace-provider>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\node-gyp-bin\\..\..\node_modules\node-gyp\bin\node-gyp.js" rebuild )  else (node "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" rebuild )
gyp ERR! find Python
gyp ERR! find Python Python is not set from command line or npm configuration
gyp ERR! find Python Python is not set from environment variable PYTHON
gyp ERR! find Python checking if "python" can be used
gyp ERR! find Python - "python" is not in PATH or produced an error
gyp ERR! find Python checking if "python2" can be used
gyp ERR! find Python - "python2" is not in PATH or produced an error
gyp ERR! find Python checking if "python3" can be used
gyp ERR! find Python - "python3" is not in PATH or produced an error
gyp ERR! find Python checking if the py launcher can be used to find Python 2
gyp ERR! find Python - "py.exe" is not in PATH or produced an error
gyp ERR! find Python checking if Python is C:\Python27\python.exe
gyp ERR! find Python - "C:\Python27\python.exe" could not be run
gyp ERR! find Python checking if Python is C:\Python37\python.exe
gyp ERR! find Python - "C:\Python37\python.exe" could not be run
gyp ERR! find Python
gyp ERR! find Python **********************************************************
gyp ERR! find Python You need to install the latest version of Python.
gyp ERR! find Python Node-gyp should be able to find and use Python. If not,
gyp ERR! find Python you can try one of the following options:
gyp ERR! find Python - Use the switch --python="C:\Path\To\python.exe"
gyp ERR! find Python   (accepted by both node-gyp and npm)
gyp ERR! find Python - Set the environment variable PYTHON
gyp ERR! find Python - Set the npm configuration variable python:
gyp ERR! find Python   npm config set python "C:\Path\To\python.exe"
gyp ERR! find Python For more information consult the documentation at:
gyp ERR! find Python https://github.com/nodejs/node-gyp#installation
gyp ERR! find Python **********************************************************
gyp ERR! find Python
gyp ERR! configure error
gyp ERR! stack Error: Could not find any Python installation to use
gyp ERR! stack     at PythonFinder.fail (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-python.js:307:47)
gyp ERR! stack     at PythonFinder.runChecks (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-python.js:136:21)
gyp ERR! stack     at PythonFinder.<anonymous> (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-python.js:225:16)
gyp ERR! stack     at PythonFinder.execFileCallback (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-python.js:271:16)
gyp ERR! stack     at exithandler (child_process.js:310:5)
gyp ERR! stack     at ChildProcess.errorhandler (child_process.js:322:5)
gyp ERR! stack     at ChildProcess.emit (events.js:315:20)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:273:12)
gyp ERR! stack     at onErrorNT (internal/child_process.js:469:16)
gyp ERR! stack     at processTicksAndRejections (internal/process/task_queues.js:84:21)
gyp ERR! System Windows_NT 10.0.19041
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\jerem\Downloads\msgraph-training-nodeexpressapp\graph-tutorial\node_modules\dtrace-provider
gyp ERR! node -v v12.18.2
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok
added 181 packages from 211 contributors and audited 182 packages in 5.207s
found 2 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

C:\Users\jerem\Downloads\msgraph-training-nodeexpressapp\graph-tutorial>

Hello. I have added new pages to your sample tutorial.
But I have a problem. Could you kindly advise me?

Situation

New pages worked well including the authentication function with single web server (single process).
However, once I run the server using a load balancer, specifically the cluster mode of PM2, the sign in process is required again when I move to pages. (After I sign in again, I can move to another page, but it happens again.)
I noted that there is no error with PM2 if I did not use cluster mode.
So, I think the issue is that how I can maintain accesstoken when I run a server using load balancer.

Question

Do you have a similar experience? and, is it possible to keep access token among the webpage when the server runs with load balancer?

Additional information

--I added the following lines in app.js---
var newpageRouter = require('./routes/newpage')
app.use('/newpage', newpageRouter)

-- I made "newpage.hbs"

---I created routes/newpage.js as below---
var express = require('express');
var router = express.Router();

/* GET home page. */
router.get('/',
async function(req, res, next) {

if (!req.session.userId) {
// Redirect unauthenticated requests to home page
res.redirect('/')
} else {
let params = {
active: { home: true }
};

// Get the user
const user = req.app.locals.users[req.session.userId];

// Get the access token
var accessToken;
try {
accessToken = await getAccessToken(req.session.userId, req.app.locals.msalClient);
} catch (err) {
res.send(JSON.stringify(err, Object.getOwnPropertyNames(err)));
return;
}

if (accessToken && accessToken.length > 0) {
try {
// render
res.render('newpage',{ layout: false } );
// res.render('newpage', params);
} catch (err) {
res.send(JSON.stringify(err, Object.getOwnPropertyNames(err)));
}
}
else {
req.flash('error_msg', 'Could not get an access token');
}
}
}
);

async function getAccessToken(userId, msalClient) {
// Look up the user's account in the cache
try {
const accounts = await msalClient
.getTokenCache()
.getAllAccounts();

const userAccount = accounts.find(a => a.homeAccountId === userId);

// Get the token silently
const response = await msalClient.acquireTokenSilent({
  scopes: process.env.OAUTH_SCOPES.split(','),
  redirectUri: process.env.OAUTH_REDIRECT_URI,
  account: userAccount
});

return response.accessToken;

} catch (err) {
console.log(JSON.stringify(err, Object.getOwnPropertyNames(err)));
}
}

module.exports = router;

Hello. I followed your tutorial and tried to build a server. (my own APP_ID, APP_SECRET and AUTHRITY in .env)

When I started the server, once I logged in, it returned the Error getting auth URL as below.

(Strangely, if I start the server with sudo privilege, it works without error.)

I am not sure but it seems that the provided authoirty in .env is not regarded as a trusted authority.
If possible, please advise me how I can include this authority in the knownAuthorities config parameter?

Thank you for your kind attention!

In "Get calendar data" copying the getEvents snippet into calendar.js will not compile as there is a missing comma. Depending on where the snippet is copied, the comma will need to be before or after. I recommend that we instruct the reader to copy getEvents as the first function in module.exports and add a comma to the snippet.

i.e.

module.exports = {
  getEvents: async function(accessToken) {
    const client = getAuthenticatedClient(accessToken);

    const events = await client
    .api('/me/events')
    .select('subject,organizer,start,end')
    .orderby('createdDateTime DESC')
    .get();

    return events;
  },

  ...

Hello,

I want to get access to the calendar rooms list through this API. Any advice on how to do that?

Hi,

thank you very much for this tutorial!

I'm trying to build a small node app that allows me to fetch me calendar items of the day to help me taking notes and wanted to use this project as a foundation.

The Auth and other setup seems to work fine - my username is displayed and I get a 200 from the GET /calendar but there seems to be no results coming back - so at least the there are no events displayed...

I've tried to print out the the result of the query but unfortunately I'm not 100% sure how...
Is it possible that I need to pass in more information to the query - like the name of the desired calendar or something like it?

GET /calendar 200 177.840 ms - 3168
  express:router dispatching GET /stylesheets/style.css +35ms
  express:router query  : /stylesheets/style.css +0ms
  express:router expressInit  : /stylesheets/style.css +0ms
  express:router session  : /stylesheets/style.css +0ms
  express:router <anonymous>  : /stylesheets/style.css +0ms
  express:router <anonymous>  : /stylesheets/style.css +0ms
  express:router logger  : /stylesheets/style.css +1ms
  express:router jsonParser  : /stylesheets/style.css +0ms
  express:router urlencodedParser  : /stylesheets/style.css +0ms
  express:router cookieParser  : /stylesheets/style.css +0ms
  express:router serveStatic  : /stylesheets/style.css +0ms
GET /stylesheets/style.css 304 0.727 ms - -
  express:router dispatching GET /images/no-profile-photo.png +1ms
  express:router query  : /images/no-profile-photo.png +1ms
  express:router expressInit  : /images/no-profile-photo.png +0ms
  express:router session  : /images/no-profile-photo.png +0ms
  express:router <anonymous>  : /images/no-profile-photo.png +0ms
  express:router <anonymous>  : /images/no-profile-photo.png +0ms
  express:router logger  : /images/no-profile-photo.png +0ms
  express:router jsonParser  : /images/no-profile-photo.png +0ms
  express:router urlencodedParser  : /images/no-profile-photo.png +0ms
  express:router cookieParser  : /images/no-profile-photo.png +0ms
  express:router serveStatic  : /images/no-profile-photo.png +0ms
GET /images/no-profile-photo.png 304 0.700 ms - -

-- this are just the logs that the call to the /calendar api seems to work...

Every help is highly appreciated!

Thanks.
Peter

This demo is based on msgraph-sdk-javascript 1.7.0.
However version 2.0.0 has been released and introduced some breaking changes detailed in this migration guide.
When trying to recreate the demo project with the new version errors occur, for example polyfills aren't provided by the library anymore, but it is now required to provide them yourself.
PolyFillNotAvailable: Library cannot function without fetch. So, please provide polyfill for it.

We're unable to complete your request
unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.

In "Add Azure AD authentication"

"However, this token is short-lived. The token expires an hour after it is issued. This is where the refresh token becomes useful. The refresh token allows the app to request a new access token without requiring the user to sign in again."

Suggest we add a mention of OAuth for those who may not be familiar with refresh token

"However, this token is short-lived. The token expires an hour after it is issued. The OAuth specification introduces a refresh token to help here. The refresh token allows the app to request a new access token without requiring the user to sign in again"

After sign in, in http://localhost:3000/ there are two warnings in the browser with the same issue:

Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which will prevent the cookie from being sent in a cross-site request in a future version of the browser. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests

• AFFECTED RESOURCES

1 Cookie
Name | Domain & Path
-- | --
connect.sid | localhost/

1 Request
localhost

• AFFECTED RESOURCES

1 Cookie
Name | Domain & Path
-- | --
_ga localhost/

1 Request
localhost

For some reason the getAuthCodeUrl does not use proxy, but calls the https://graph.windows.net/ directly. How do I setup my proxy for that case? On the other hand the browser works correctly - the https://graph.windows.net/ goes via proxy

I encouter the following error when running npm start
{"name":"AzureAD: OIDC Passport Strategy","hostname":"webapp-virtual-machine","pid":2202,"level":40,"msg":"Production environments should always validate the issuer.","time":"2020-02-01T15:23:20.190Z","v":0}

After selecting node.js as the platform on https://developer.microsoft.com/en-us/graph/quick-start, getting the App ID and Secret, pasting the copied secret into the form field on the page the next step is to download the code sample.

Clicking the button there I only get to a 404-page at the URL https://codeload.github.com/microsoftgraph/msgraph-training-nodeexpressapp/zip/master

Not sure if this is an error caused by github or your url is wrong - but anyways, it doesn't work as intended.

Where did you get the code?

• Downloaded from GitHub
• Downloaded from the Microsoft Graph quick start tool
• Followed the tutorial from Microsoft Graph tutorials

Describe the bug

When starting the web server, just before the section Get user details, the nom start fails with Error: Cannot find module 'express-promise-router'

To Reproduce

Steps to reproduce the behavior:

1. Follow the tutorial until step 4
2. Start the webserver with ´npm start`

Expected behavior

The webserver starts

Additional context

running npm install express-promise-router fixes the issue

Btw: you have copied the <MsalInitSnippet> in the demo AFTER var app = express();, whereas the tutorial says before var indexRouter = require('./routes/index'); - which gives another error. Demo file here in GitHub seems fine (and more logical)

I am able to get rooms list but how can I get the calendar schedule for each room. How would the get request look like then?

Wasn't sure where to leave this question, so I'll do it here.

I was following the tutorial here and I find the constant replacements of signInComplete a bit confusing. In that page it gets rewritten 3 times. I'm not sure whether there is a reason for that*

Don't want this to sound mean or anything 😰, I genuinely afraid there is something I'm not understanding

I get this error when I make a change to any of my files on the Express server. I have to close the browser and re-log in to get it working again (after nodemon restarts)

I've tried the 'findByOid' function from the passport-azure-ad walkthough
(https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs/blob/master/app.js)
but can't seem to get it working here. It creates a loop and continuously tries to deserialize over and over.
Any help would be appreciated!

From this example:

passport.deserializeUser(function(id, done) {
  done(null, users[id]);
});

From passport-azure-ad example:

passport.deserializeUser(function(id, done) {
     findByOid(id, function(err, user) {
    done(err, user);
    });
});

const users = [];

const findByOid = function(oid, fn) {
  for (let i = 0, len = users.length; i < len; i++) {
    const user = users[i];
    if (user.oid === oid) {
      return fn(null, user);
    }
  }
  return fn(null, null);
};

Where did you get the code?

• Downloaded from GitHub
• Downloaded from the Microsoft Graph quick start tool
• Followed the tutorial from Microsoft Graph tutorials

Describe the bug

In the part Get Calendar View, in step 2, the line 11 if (!req.session.userId) {, I get the error "Cannot read property 'userId' of undefined".

To Reproduce

Steps to reproduce the behavior:

1. Go to landing page
2. Sign in
3. Click on 'Calendar'
4. See error

Expected behavior

A json dump of the calendar events.

Screenshots

Desktop

• OS: Windows
• Browser : Firefox
• Version : 88

Other information

It might have something to do with the 3rd step in the page "Create a Node.js Express apps with web app" where there's a secret marked as 'your_secret_value_here'. But nowhere in the tutorial, there's a mention of what do to with this line.

Ignore, found what I was looking for.

Can you please advise on how to address this issue I'm encountering?
TypeError: Invalid value for redirectUrl.The URL must be valid and be https:// or http://

The Redirect URI I configured in the .env file is http://localhost:3000/auth/callback.

From my front (React) I get tokenId (rawToken.....) with msal.js;
I want to send this to my ServerApi(NodeJs) endpoint and

1. verify this tokenId with my appId (and secret if needed)
2. get profile informations
3. do my logic of login...

FYI accessToken = Null // InFront
Question : After some research I find that probably I need to use @microsoft/microsoft-graph client, but I didn't find how to verify my tokenId ?

for example google-auth-library provides a function(OAuth2)
named verifyIdToken make me able to do this kind of staff

I am new to the Graph API and I've just tried pulling and running the code as per the tutorial. I've also configured the app registration accordingly on Azure AD admin center and filled out the app id and secret in the .env file. However, after logging in, it redirects me back to the home "/" page and the UI shows an "invalid_request" in a red error box. There wasn't any console.log messages and don't see much in Fiddler.

Hi there,

I am currently on Add Azure AD authentication step of the tutorial and finished right before Get user details. Only thing I needed right now was to type npm start and see the result on the localhost. When I hit npm start in shell I get this error related to locals property. I went step by step and tried it twice with the same result. Am I missing anything?

I am also beginner so I might overlook something or I just don't see something what could be obvious to others.

Thank you in advance.

Filip

I am looking for a way to implement oAuth of Azure without using passport. Can you please guide me regarding documentation

npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/wreck. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/topo. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/boom. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated [email protected]: This module has moved and is now available at @hapi/bourne. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.

I ran into an issue with the proposed configuration. This is the suggested config:

OAUTH_AUTHORITY=https://login.microsoftonline.com/common
OAUTH_ID_METADATA=/v2.0/.well-known/openid-configuration
OAUTH_AUTHORIZE_ENDPOINT=/oauth2/v2.0/authorize
OAUTH_TOKEN_ENDPOINT=/oauth2/v2.0/token

wreck inside simple-oauth2 uses Url.URL to combine OAUTH_AUTHORITY with OAUTH_TOKEN_ENDPOINT which results in https://login.microsoftonline.com/oauth2/v2.0/token and therefore loses common. This results in a 404.

I changed the config slightly and removed the leading slashes from the relative paths and added a trailing slash to the base URL.

OAUTH_AUTHORITY=https://login.microsoftonline.com/common/
OAUTH_ID_METADATA=/v2.0/.well-known/openid-configuration
OAUTH_AUTHORIZE_ENDPOINT=oauth2/v2.0/authorize
OAUTH_TOKEN_ENDPOINT=oauth2/v2.0/token

So that OAUTH_TOKEN_ENDPOINT is relative. I have not figured why it worked for authorize though, but still works.

Versions of simple-oauth2 above 3.4.0 do not have the require('simple-oauth2').create() function.

Why is isomorphic-fetch required if the npm package for ms graph is used? Can't the npm package include that fetch package?

passport-azure-ad allows the use of cookies instead of session, but I'm finding with this graph tutorial that the callback response always seems to give the error "In collectInfoFromReq: invalid state received in the request". The "passport-aad" cookie always has a value of 0. What am I doing wrong?

In app.js:
Additional options in OIDCStrategy:
nonceLifetime: 3600,
nonceMaxAmount: 10,
useCookieInsteadOfSession: true,
cookieEncryptionKeys: [ { key: '12345678901234567890123456789012', 'iv': '123456789012' }]

setting up cookies:
var cookieSession = require('cookie-session');
app.use(cookieParser());
app.use(cookieSession({
name: 'session',
secret: process.env.COOKIE_SECRET,
maxAge: 24 * 60 * 60 * 1000
}));

Added session: false to passport.authenticate('azuread-openidconnect') for both /signin and /callback routes.

I'm using section 4.1.4 of https://github.com/AzureAD/passport-azure-ad as a reference for all of this. I am just not having any luck.

I use the Node.js and follow the Tutorials. The error code as following:

{"name":"AzureAD: OIDC Passport Strategy","hostname":"tpea90100328","pid":17200,"level":40,"msg":"Production environments should always validate the issuer.","time":"2020-06-01T05:47:10.469Z","v":0}
{"name":"AzureAD: OIDC Passport Strategy","hostname":"tpea90100328","pid":17200,"level":40,"msg":"Using http for redirectUrl is not recommended, please consider using https","time":"2020-06-01T05:47:10.471Z","v":0}

The error in the http://localhost:3000 as following:

In _authCodeFlowHandler: failed to redeem authorization code: {"statusCode":400,"data":"{\"error\":\"invalid_request\",\"error_description\":\"AADSTS9002331: Application 'c441126d-df19-43bd-9da1-3eab6c53d417'(Node.js Graph Tutorial) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request.\\r\\nTrace ID: 68666000-d43d-4049-b0ae-09d20a9a4e01\\r\\nCorrelation ID: a0fdf95e-aa73-455f-bafd-710a83a19c3e\\r\\nTimestamp: 2020-06-01 08:51:32Z\",\"error_codes\":[9002331],\"timestamp\":\"2020-06-01 08:51:32Z\",\"trace_id\":\"68666000-d43d-4049-b0ae-09d20a9a4e01\",\"correlation_id\":\"a0fdf95e-aa73-455f-bafd-710a83a19c3e\"}"}

I've cloned the repo and tried to run the example, but am hitting the following error...

state is not defined
ReferenceError: state is not defined
    at Strategy.collectInfoFromReq (/Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/passport-azure-ad/lib/oidcstrategy.js:709:78)
    at async.waterfall (/Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/passport-azure-ad/lib/oidcstrategy.js:616:21)
    at fn (/Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/async/lib/async.js:746:34)
    at /Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/async/lib/async.js:1213:16
    at /Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/async/lib/async.js:166:37
    at /Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/async/lib/async.js:706:43
    at /Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/async/lib/async.js:167:37
    at Object.async.waterfall (/Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/async/lib/async.js:710:44)
    at Strategy.authenticateStrategy [as authenticate] (/Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/passport-azure-ad/lib/oidcstrategy.js:610:9)
    at attempt (/Users/chrisbeech/work/msgraph-training-nodeexpressapp/demo/graph-tutorial/node_modules/passport/lib/middleware/authenticate.js:348:16)

It's an error 500 being thrown from /auth/callback. All I've changed is the .env file to set my app ID and secret.

What am i doing wrong?

I'm missing an action in step in Register the app in the portal.

I got an error 'invalid_request'. I searched for permissions, and saw that only user.read was set by default. After adding the other three permissions, the app worked like expected and I received an access token.