Its been Quite some time that I’ve been looking at a good combination on backend and front end Web platform on which to start building apps. After playing around PHP, .Net, Python and Ruby I stumbled upon NodeJS and this IMHO makes sense to begin some new app dev that is specifically “Born in and For the Cloud”. NodeJS however is only part of the stack as I wanted other products to handle the frontend, database and overall hosting, security, load balancing, Scaling and various other services we’ll need for a complete app. I choose NodeJS as my web platform as I found it to be very simple to setup on both windows and Linux. Further having JS as the language across all sides makes life a bit simpler….
Now back to my App, The first bit I want to handle is the User Administration and I found AzureAD to be very simple and straight forward as long as I don’t get into integration with on-premise AD. I would have preferred more ‘Free’ Sign-Up mechanisms like Google, Facebook and OpenID but gave then up for something that has better ‘Enterprise’ capabilities…and hence AzureAD.
Lets Create the User/s
You can open an Azure account on a Pay-As-You-Go basis for Evaluation purpose and though credit card details are taken, they don’t get charged as long as we stay out of the charged services . The Instructions on Signup page and FAQ are very self explanatory and I’m not going to go in detail. User creation for up to 5 is free so I’ll keep my user count within limits.
By now I believe you should have created a azure subscription and have logged into the azure portal. To Create users Click on the “Browse All” Button
A window with All Services and another window with active services will appearClick on Active Directory to see the list of directory configured. The First time this would be empty and a default would be needed to be created to access any service
You should see the Configured users which initially would include only the Admin user you would have created by default. To Test Users create new ‘Basic’ users by first clicking on the “Add User” button
In the next form give the First Name, Last Name and Display Name…
An now you should be presented with the “Get temporary password” screen …Hit “Create”.You should be presented with a ‘temporary password’ for this new user…I would suggest you copy paste this password in a safe place. Next click on the user in the directory listing and from the user details listed, note down the <username>@*.onmicrosoft.com userid.
Now this user will be available for playing around from NodeJS only if we change the password. Do not try the ‘reset password’ as it will only give you one more ‘temporary password’ …So sign out for now….and Login again with this new user’s credentials…and you will be forced to change the password…do it.You should be now be able to login with this password for this user…Ensure this works before going to the next steps.
Client ID and Client Secret Creation for our App
Now for the next stage our NodeJS App will require Client ID and Client Secret…For this you will need to go back to the AD Screen and Click on the Directory/Workspace where you created the user. Now click on the ‘Applications tab’
You should see a list of default apps listed which could be nothing in your case, so don’t be scared. We’ll create one in a few steps. I’ve already created credentials for my ‘NodeJS’ App …Lets see how you can create one…
Now you will be asked for a name of the web app…Feel free to give a friendly name and this need not match with the NodeJS App being developed…but would be easy to use the same name. Do keep the “Web Application and/or Web API” Option selected
I got stumped at this step as I’m developing and NodeJS within my pc and will not have a public facing URL…Well Initially I gave some thing and debugged to reveal what I should use…For further steps I will be using NodeJS within my laptop and hence these instructions are valid only for this use case. Once the app is ready and we have a public facing URL , these URLs can be updated.
So I used the Sign-on URL as “http://localhost:3000/auth/openid/return” and appID URI as the same “http://localhost:3000”….If this is the first time then I would suggest you try the same as this is the default used by the OpenID Connector we will use in our NodeJS App.
This page also has several useful links to articles related to development of app for utilizing this facility…You should read them…but I’m going to go on…
Click on the Users Tab and you will see the list of users enabled to use this App Credential you just created. You will notice that the ‘New User’ you just created has been marked as ‘No’ under Assignment! Lets go ahead and change that to ‘Yes’. Click on the User and you will notice a ‘Assign’ button in the bottom..Click it. Confirm that You do want to assign this user to this app. It will take some time to Azure do some magic and then you will see the refreshed list of users with the new user marked as ‘Yes’. Now lets go get our Client ID and Secret. Click on the ‘Configure’ Tab
You should now see the ‘Client ID’ …Copy it as store in a safe place, as we’ll need it in our App later. Now where is the Client ‘Secret’!
Scroll down and you will see the ‘Keys’ section..This is where our ‘Secret’ is…but it is empty…
We got to create our new secret so pull down on the Duration boxand select 1 year or 2 years….your choice…Click on the ‘Save’ Button in the bottom to reveal the ‘Secret’…Copy it and save in a safe place along with the Client ID…Keep the ‘Secret’ safe as if you miss it then the only way to proceed would be to create a new key! Which at this stage is not a big deal but when dealing with production settings…Could be a Big Problem
The NodeJS App
Now It is safe to close the browser and sign-out…We will continue in out local PC. Install NodeJS…It’s a simple solution and instructions are very simple for both Linux and Windows. I would also recommend installing GIT for the next steps. Again this too is too simple and we can proceed with the default installation without any problem.Just ensure that the following command execute then called
If they don’t execute probably the installation did not go well…Ensure they work before proceeding. Also do ensure internet connection is working and you are not behind corporate firewalls.
Now create a folder for our app…from inside this folder from command line type
$ git clone AzureADSamples/WebApp-OpenIDConnect-NodeJS.git
This will download the OpenID Sample App in the folder. Change Directory into the WebApp-OpenIdConnect-nodejs folder and type
$ npm install
NPM will now do its magic and download all the dependencies that this sample app has and download into this folder under node_modules folder
Now Open the Config.js file and you will notice two items where there are no details…Yup clientID and ClientSecret….Now is the time to go back to your safe place and copy the Client ID and Client Secret and Paste them here
Now as per the developer of this AzureAD connector it would be recommended to install Bunyan to make sense of the logs being thrown out…But this is optional. I’m keeping it out for now. The below will run the NodeJS app
$ node app.js
That’s it …the app works and the first part is over…
Hope it worked for you too