Adding types for passport-azure-ad strategy (#29496)

* Added types for passport azure ad strategy

* New line added at eof in index.d.ts

* Typescript version fixed

types/passport-azure-ad/bearer-strategy.d.ts

@@ -0,0 +1,34 @@
+import * as passport from "passport";
+import { Request } from "express";
+import { IBaseStrategyOption, ITokenPayload, VerifyCallback } from "./common";
+
+export type VerifyBearerFunction = (token: ITokenPayload, done: VerifyCallback) => void;
+
+export type VerifyBearerFunctionWithReq = (
+    req: Request,
+    token: ITokenPayload,
+    done: VerifyCallback
+) => void;
+
+export interface IBearerStrategyOption extends IBaseStrategyOption {
+    audience?: string | string[];
+    policyName?: String;
+    allowMultiAudiencesInToken?: boolean;
+    scope?: string[];
+}
+
+export interface IBearerStrategyOptionWithRequest extends IBearerStrategyOption {
+    passReqToCallback: true;
+}
+
+export class BearerStrategy extends passport.Strategy {
+    constructor(
+        options: IBearerStrategyOptionWithRequest,
+        verify: VerifyBearerFunctionWithReq
+    );
+    constructor(options: IBearerStrategyOption, verify: VerifyBearerFunction);
+
+    name: string;
+
+    authenticate(req: Request, options?: object): void;
+}

types/passport-azure-ad/common.d.ts

@@ -0,0 +1,79 @@
+import { Request } from "express";
+
+export interface IBaseStrategyOption {
+    identityMetadata: string;
+    clientID: string;
+    isB2C?: boolean;
+    validateIssuer?: boolean;
+    issuer?: string | string[];
+    loggingLevel?: "info" | "warn" | "error";
+    loggingNoPII?: boolean;
+    clockSkew?: number;
+}
+
+export interface ITokenPayload {
+    /** An App ID URI. Identifies the intended recipient of the token. */
+    aud?: string;
+    /** A security token service(STS) URI. Identifies the STS that constructs and returns the token,
+     * and the Azure AD tenant in which the user was authenticated.*/
+    iss?: string;
+    /** "Issued At" indicates when the authentication for this token occurred. */
+    iat?: number;
+    /** The "nbf" (not before) claim identifies the time before which the JWT must not be accepted for processing. */
+    nbf?: number;
+    /** The "exp" (expiration time) claim identifies the expiration time on or after which the JWT must not be accepted for processing. */
+    exp?: number;
+    /** The "Authentication context class" claim. A value of "0" indicates the end-user authentication did not meet the requirements of ISO/IEC 29115. */
+    acr?: "0" | "1";
+    /** An internal claim used by Azure AD to record data for token reuse. */
+    aio?: string;
+    /** Identifies how the subject of the token was authenticated.  */
+    amr?: string[];
+    /** GUID represents the application ID of the client using the token. */
+    appid?: string;
+    /** Indicates how the client was authenticated. For a public client, the value is "0".
+     * If client ID and client secret are used, the value is "1". If a client certificate was used for authentication, the value is "2". */
+    appidacr?: "0" | "1" | "2";
+    /** Only present in v2.0 tokens. The application ID of the client using the token. */
+    azp?: string;
+    /** Only present in v2.0 tokens. Indicates how the client was authenticated.
+     * For a public client, the value is "0". If client ID and client secret are used, the value is "1". If a client certificate was used for authentication, the value is "2". */
+    azpacr?: "0" | "1" | "2";
+    /** Provides object IDs that represent the subject's group memberships. */
+    groups?: string | string[];
+    /** Denoting the user is in at least one group. */
+    hasgroups?: true;
+    /** Only present in v2.0 tokens. The primary username that represents the user. It could be an email address, phone number, or a generic username without a specified format */
+    preferred_name?: string;
+    /** Provides a human-readable value that identifies the subject of the token.
+     * The value is not guaranteed to be unique, it is mutable, and it's designed to be used only for display purposes. The profile scope is required in order to receive this claim. */
+    name?: string;
+    /** GUID represents a user. This ID uniquely identifies the user across applications. */
+    oid?: string;
+    /** An internal claim used by Azure to revalidate tokens. */
+    rh?: string;
+    /** The set of scopes exposed by your application for which the client application has requested (and received) consent. */
+    scp?: string;
+    /** The set of permissions exposed by your application that the requesting application has been given permission to call. */
+    roles?: string;
+    /** The principal about which the token asserts information, such as the user of an app. This value is immutable and cannot be reassigned or reused.
+     * It can be used to perform authorization checks safely, such as when the token is used to access a resource,
+     * and can be used as a key in database tables. Because the subject is always present in the tokens that Azure AD issues,
+     * we recommend using this value in a general-purpose authorization system. The subject is, however, a pairwise identifier - it is unique to a particular application ID.   */
+    sub?: string;
+    /** Represents the Azure AD tenant that the user is from. */
+    tid?: string;
+    /** Only present in v1.0 tokens. Provides a human readable value that identifies the subject of the token.  */
+    unique_name?: string;
+    /** The username of the user. May be a phone number, email address, or unformatted string. */
+    upn?: string;
+    /** An internal claim used by Azure to revalidate tokens. */
+    uti?: string;
+    /** Indicates the version of the access token. */
+    ver?: string;
+}
+
+export interface VerifyCallback {
+    (error: any, user?: any, info?: any): void;
+}
+  

types/passport-azure-ad/index.d.ts

@@ -0,0 +1,22 @@
+// Type definitions for passport-azure-ad 4.0
+// Project: https://github.com/AzureAD/passport-azure-ad#readme
+// Definitions by: Shekhar Nain <https://github.com/ShekharNain>
+// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
+// TypeScript Version: 2.9
+
+export { ITokenPayload, VerifyCallback } from "./common";
+export {
+    BearerStrategy,
+    IBearerStrategyOption,
+    IBearerStrategyOptionWithRequest,
+    VerifyBearerFunction,
+    VerifyBearerFunctionWithReq
+} from "./bearer-strategy";
+export {
+    OIDCStrategy,
+    IOIDCStrategyOption,
+    IOIDCStrategyOptionWithRequest,
+    IProfile,
+    VerifyOIDCFunction,
+    VerifyOIDCFunctionWithReq
+} from "./oidc-strategy";

types/passport-azure-ad/oidc-strategy.d.ts

@@ -0,0 +1,65 @@
+import * as passport from "passport";
+import { Request } from "express";
+import { IBaseStrategyOption, VerifyCallback } from "./common";
+
+export interface IOIDCStrategyOption extends IBaseStrategyOption {
+    responseType: "code" | "code id_token" | "id_token code" | "id_token";
+    responseMode: "query" | "form_post";
+    redirectUrl: string;
+    allowHttpForRedirectUrl?: boolean;
+    clientSecret?: string;
+    thumbprint?: string;
+    privatePEMKey?: string;
+    useCookieInsteadOfSession?: boolean;
+    cookieEncryptionKeys?: {key: string, iv: string}[];
+    nonceLifetime?: number;
+    nonceMaxAmount?: number;
+    scope?: string | string[];
+}
+
+export interface IOIDCStrategyOptionWithRequest extends IOIDCStrategyOption {
+    passReqToCallback: true;
+}
+
+export interface IProfile {
+    sub?: string;
+    oid?: string;
+    upn?: string;
+    displayName?: string;
+    name?: {
+        familyName?: string;
+        givenName?: string;
+        middleName?: string;
+    };
+    emails?: any;
+    _raw?: string;
+    _json?: any;
+}
+
+export type VerifyOIDCFunction =
+    ((profile: IProfile, done: VerifyCallback) => void) | 
+    ((iss: string, sub: string, done: VerifyCallback) => void) |
+    ((iss: string, sub: string, profile: IProfile, done: VerifyCallback) => void) |
+    ((iss: string, sub: string, profile: IProfile, access_token: string, refresh_token: string, done: VerifyCallback) => void) |
+    ((iss: string, sub: string, profile: IProfile, access_token: string, refresh_token: string, params: any, done: VerifyCallback) => void) |
+    ((iss: string, sub: string, profile: IProfile, jwtClaims: any, access_token: string, refresh_token: string, params: any, done: VerifyCallback) => void);
+
+export type VerifyOIDCFunctionWithReq =
+    ((req: Request, profile: IProfile, done: VerifyCallback) => void) | 
+    ((req: Request, iss: string, sub: string, done: VerifyCallback) => void) |
+    ((req: Request, iss: string, sub: string, profile: IProfile, done: VerifyCallback) => void) |
+    ((req: Request, iss: string, sub: string, profile: IProfile, access_token: string, refresh_token: string, done: VerifyCallback) => void) |
+    ((req: Request, iss: string, sub: string, profile: IProfile, access_token: string, refresh_token: string, params: any, done: VerifyCallback) => void) |
+    ((req: Request, iss: string, sub: string, profile: IProfile, jwtClaims: any, access_token: string, refresh_token: string, params: any, done: VerifyCallback) => void);
+
+export class OIDCStrategy extends passport.Strategy {
+    constructor(
+        options: IOIDCStrategyOptionWithRequest,
+        verify: VerifyOIDCFunction
+    );
+    constructor(options: IOIDCStrategyOption, verify: VerifyOIDCFunctionWithReq);
+
+    name: string;
+
+    authenticate(req: Request, options?: object): void;
+}

types/passport-azure-ad/passport-azure-ad-tests.ts

@@ -0,0 +1,42 @@
+import { Request } from "express";
+import {
+    BearerStrategy,
+    OIDCStrategy,
+    IBearerStrategyOptionWithRequest,
+    IOIDCStrategyOptionWithRequest,
+    VerifyBearerFunctionWithReq,
+    VerifyOIDCFunctionWithReq,
+    IProfile,
+    VerifyCallback
+} from "passport-azure-ad";
+
+const bearerStrategyOptions: IBearerStrategyOptionWithRequest = {
+    identityMetadata: "https://api.test.com",
+    clientID: "XXXXX",
+    passReqToCallback: true
+};
+
+const oidcStrategyOptions: IOIDCStrategyOptionWithRequest = {
+    identityMetadata: "https://api.test.com",
+    clientID: "XXXXX",
+    passReqToCallback: true,
+    responseType: "id_token",
+    responseMode: "query",
+    redirectUrl: "https://api.test.com"
+};
+
+const verifyBearer: VerifyBearerFunctionWithReq = (req, token, done) => {
+    if (!token.oid)
+        done(null, token);
+    else done(new Error("Invalid token"));
+};
+
+const verifyOidc: VerifyOIDCFunctionWithReq = (req: Request, profile: IProfile, done: VerifyCallback) => {
+    if (!profile.oid)
+        done(null, profile);
+    else done(new Error("Invalid token"));
+};
+
+new BearerStrategy(bearerStrategyOptions, verifyBearer);
+
+new OIDCStrategy(oidcStrategyOptions, verifyOidc);

types/passport-azure-ad/tsconfig.json

@@ -0,0 +1,23 @@
+{
+    "compilerOptions": {
+        "module": "commonjs",
+        "lib": [
+            "es6"
+        ],
+        "noImplicitAny": true,
+        "noImplicitThis": true,
+        "strictNullChecks": true,
+        "strictFunctionTypes": true,
+        "baseUrl": "../",
+        "typeRoots": [
+            "../"
+        ],
+        "types": [],
+        "noEmit": true,
+        "forceConsistentCasingInFileNames": true
+    },
+    "files": [
+        "index.d.ts",
+        "passport-azure-ad-tests.ts"
+    ]
+}

types/passport-azure-ad/tslint.json

@@ -0,0 +1 @@
+{ "extends": "dtslint/dt.json" }