Do you want to learn how to add authentication to your Node.js application? In this step-by-step tutorial, you will learn how to integrate a Node.js application with Azure AD using Datawiza to implement OIDC/OAuth SSO without writing code. All you need to do is just a few clicks.
The benefits of using Datawiza
- No need to learn complex OIDC/OAuth or SAML protocols
- No need to manage refresh tokens, access tokens or ID tokens
- No need to manage user sessions
- No need to use SDKs, call APIs or write code
- Reduce weeks of engineering work to hours, even minutes
- Avoid security vulnerabilities with a No-Code product developed by security experts
Ready to see how easy it is? Let’s get started!
Prerequisites
- A favorite text editor or IDE
- Node.js
- Docker (18.03+)
- Docker Compose
Run a Node.js application
We use the sample offered in Node.js official Getting Started Guide as the example in this section. The application running at port 3000 simply returns “Hello World.”
Suppose you want to add SSO authentication for a Node.js application using Azure AD, you may search on Google for the Node.js library for Azure AD. So, what is the best Node.js authentication library? Passport, which has 19,000+ stars in Github, is extremely flexible and modular. It has a comprehensive set of strategies supporting authentication using a username and password, Facebook, Twitter, and more. What’s more, it has a plugin for Azure Active Directory.
However, you still need to spend a lot of time to clearly understand the concepts about Azure AD, OIDC, OAuth2, JWT, and so on. If you are new to these, it could easily take weeks to months for you to complete the task. You deserve a better solution, and we are building a no-code solution that will reduce the time required down to hours or days, even minutes. All you need to do is a few clicks without coding required.
Introduction to the Datawiza Platform
The Datawiza Platform is a cloud-delivered, SaaS-based access management solution. It includes a data plane and a control plane: Datawiza Access Proxy and Datawiza Cloud Management Console (DCMC).
Datawiza Access Proxy is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Azure AD on behalf of your applications, so you don’t need to worry about the integration work. DCMC is a cloud-based management console where you can configure and manage the policies of Datawiza Access Proxy. Such a SaaS-based design makes the whole platform much easier to use.
Step 1: Simple configurations using Datawiza Cloud Management Console
First, use your Azure AD Admin Account (this account should have the permission to create an application registration in your Azure AD tenant) to log in to the Datawiza Cloud Management Console (DCMC).
The Get started function will guide you through the configuration. After logging in to the DCMC, click on the “Get started” button and follow the steps.
Enter some basic information, such as the deployment name and description:
Now Add an Application:
Configure your application with the following values:
- Platform: Web
- App Name: Demo App
- Public Domain: http://localhost:9772
- Listen Port: 9772
- Upstream Servers: http://host.docker.internal:3000
Note that Upstream Servers is the address of the Node.js application.
- If you use Mac or Windows, then set the Upstream Servers to http://host.docker.internal:3000 (requires Docker 18.03+).
If you use Linux, use ip addr show docker0 to get the docker host IP (e.g., 172.17.0.1) and then set Upstream Servers to http://172.17.0.1:3000 (see this for more details).
Next Configure the IdP:
Select the Microsoft Azure Active Directory as the Identity Provider and keep the Automatic Generator option enabled. Automatic Generator is an advanced feature offered by Datawiza and Azure AD. It automatically creates a new application registration on your behalf in your Azure AD tenant. Click Create and wait for interaction with Azure AD. All the configurations are now automatically set.
Alternatively, if you want to use an existing web application in your Azure AD tenant, you can disable the option and populate the fields of the form. The Tenant ID, Client ID, and Client Secret are needed. You can follow the tutorial on the right side or the documentation to find out how to create an application registration on Azure AD and get these values in your tenant.
In the last step, we provide the command lines to pull the Datawiza Access Proxy image and the docker-compose file to run the Datawiza Access Proxy. Execute the command lines in steps 1 & 2 and note down the docker-compose file in step 3 as shown below.
Step 2: Run Datawiza Access Proxy as a sidecar (agent) to your application
After finishing the configuration in DCMC, you can run the Datawiza Access Proxy with the YAML file noted in the previous step. The docker-compose YAML file, named datawiza-access-broker.yaml should then appear like this:
version: '3'
services:
datawiza-access-broker:
image: registry.gitlab.com/datawiza/access-broker
container_name: datawiza-access-broker
restart: always
ports:
- "9772:9772"
environment:
PROVISIONING_KEY: #############################
PROVISIONING_SECRET: #############################
Now, we can use docker-compose to create and start the Datawiza Access Proxy:
docker-compose -f datawiza-access-broker up -d
That’s it. After executing the command above, the Node.js application should have SSO enabled with Azure AD.
Now, let’s give it a try.
Open a browser and type in http://localhost:9772. You should see the Azure AD login page as follows:
After logging in to Azure AD, the Node.js application will be shown.
Summary
Congratulations! You secured a Node.js application by adding Azure AD authentication using Datawiza — in minutes instead of weeks or months. This is only a small sampling of what Datawiza can do. See Datawiza’s online docs or official website for much more information. You can also get started for free by signing in here!
