AzureAD authentication on electron
The following snippet implements the steps described in the official Azure AD OAuth2 grant flow documentation, which can be found here.
1) Create a browser window
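// Hidden window that hosts the Azure AD sign-in page; it is shown later, once
// the redirect filter is in place.
// The page loaded here is remote content, so it gets no Node.js access and it
// keeps Chromium's same-origin policy: the original 'web-security': false is
// dropped because nothing in this flow needs it.
// NOTE(review): current Electron releases read these switches from
// `webPreferences`; the hyphenated top-level keys used originally look like a
// legacy spelling that may be ignored — confirm against the Electron version in use.
let authWindow = new BrowserWindow({
  width: 800,
  height: 600,
  show: false,
  webPreferences: {
    nodeIntegration: false,
    contextIsolation: true,
    webSecurity: true,
  },
});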
2) The url you need to be targeting should look something like this (elaborated in the doc linked above) :
https://login.microsoftonline.com/{tenant}/oauth2/authorize? client_id=6731de76-14a6-49ae-97bc-6eba6914391e &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%3A12345 &response_mode=query &resource=https%3A%2F%2Fservice.contoso.com%2F &state=12345
2) Create a filter that will run when, after the browser window is launched and authentication has completed, the page is about to be redirected to your redirect URL. E.g.:
// webRequest URL filter: a single pattern made of redirectUrl followed by a
// `*` wildcard.
const filter = {
  urls: [`${redirectUrl}*`],
};
where redirectUrl is the redirect URI of your app (“localhost” in the above example, whose decoded redirect_uri is http://localhost:12345).
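// Watch for the redirect back from Azure AD and pull the authorization code
// out of its query string.
// NOTE(review): `session` is presumably the session that authWindow uses —
// confirm where it is obtained.
session.webRequest.onBeforeRequest(filter, (details, callback) => {
  const url = details.url;

  // includes() rather than search(): search() treats redirectUrl as a regular
  // expression, and the original `> 0` test never matched a URL that *starts*
  // with redirectUrl (search() returns 0 there). The original condition was
  // also missing a closing parenthesis.
  if (url.includes(redirectUrl)) {
    // Parse the query string instead of splitting on 'code=', which also
    // returned every parameter that follows the code (such as state).
    const params = new URL(url).searchParams;
    const code = params.get('code');

    if (code) {
      // NOTE(review): compare params.get('state') with the value sent in the
      // authorize request before using the code, and generate that value
      // randomly for each sign-in rather than using a fixed string.
      // Demo only: the code is a credential; hand it to the token request
      // instead of logging it in a real application.
      console.log(code); // this is your auth code
      authWindow.close();
    }
  }

  // don't forget to let the request proceed.
  callback({ cancel: false });
});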
3) Launch the window
// Start navigating to the Azure AD authorize URL built in step 2, ...
authWindow.loadURL(authUrl);
// ... then make the window visible so the user can sign in.
authWindow.show();
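4) Once you have the code, you need to obtain the auth token. You do this by sending a POST request to the token endpoint. The client_id and redirect_uri in this request must be the same values that were sent in the authorization request; the sample values shown here differ from those in the authorization URL above, so substitute your own. E.g.: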
POST /{tenant}/oauth2/token HTTP/1.1 Host: https://login.microsoftonline.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code &client_id=2d4d11a2-f814-46a7-890a-274a72a7309e &code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA &redirect_uri=https%3A%2F%2Flocalhost%3A12345 &resource=https%3A%2F%2Fservice.contoso.com%2F
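// Exchange the authorization code for an access token at the Azure AD token
// endpoint. The angle-bracket strings are placeholders to fill in.
const authCode = '<code from the previous step>';

const options = {
  // NOTE(review): if `net` is Electron's net module, the protocol defaults to
  // 'http:' when omitted; set it explicitly so the code is only sent over TLS.
  protocol: 'https:',
  hostname: 'login.microsoftonline.com',
  path: '/<tenant>/oauth2/token',
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
};

const req = net.request(options, (res) => {
  console.log(`Status: ${res.statusCode}`);
  console.log(`Headers: ${JSON.stringify(res.headers)}`);
  res.setEncoding('utf8');

  // The response can arrive in several 'data' chunks, so collect all of them
  // and parse once on 'end'; searching a single chunk for 'access_token":"'
  // misses a token that is split across two chunks.
  let responseText = '';
  res.on('data', (chunk) => {
    responseText += chunk;
  });
  res.on('end', () => {
    let tokenResponse;
    try {
      tokenResponse = JSON.parse(responseText);
    } catch (err) {
      console.log(`unexpected token response: ${err.message}`);
      return;
    }

    if (tokenResponse && tokenResponse.access_token) {
      // Demo only: an access token is a bearer credential; keep it in memory
      // or in OS-protected storage rather than logging it in a real application.
      console.log(tokenResponse.access_token); // this is your access token
    } else {
      // OAuth2 error responses carry an `error` code in the JSON body.
      console.log(`token request failed: ${tokenResponse && tokenResponse.error}`);
    }
  });
});

req.on('error', (e) => {
  console.log(`problem with request: ${e.message}`);
});

// URLSearchParams percent-encodes every value; concatenating raw strings sent
// the redirect URL and resource unencoded.
const prefix = new URLSearchParams({
  grant_type: 'authorization_code',
  client_id: '<clientid>',
  code: authCode,
  redirect_uri: '<redirect url>',
  resource: '<resource>',
}).toString();

// Logged before the body is written; the original printed this only after the
// response had already started to arrive.
console.log('sending request......');
req.write(prefix);
req.end();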