Merge pull request #878 from Timothyw0/main

[Feature] Add AAD Custom Auth Support & Setup Custom Auth Framework

src/core/constants.ts

@@ -49,6 +49,47 @@ export const SWA_AUTH_CONTEXT_COOKIE = `StaticWebAppsAuthContextCookie`;
 export const SWA_AUTH_COOKIE = `StaticWebAppsAuthCookie`;
 export const ALLOWED_HTTP_METHODS_FOR_STATIC_CONTENT = ["GET", "HEAD", "OPTIONS"];
 
+// Custom Auth constants
+export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad", "dummy"];
+/*
+  The full name is required in staticwebapp.config.json's schema that will be normalized to aad
+  https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad%2Cinvitations
+*/
+export const ENTRAID_FULL_NAME = "azureActiveDirectory";
+export const CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
+  google: {
+    host: "oauth2.googleapis.com",
+    path: "/token",
+  },
+  github: {
+    host: "github.com",
+    path: "/login/oauth/access_token",
+  },
+  aad: {
+    host: "login.microsoftonline.com",
+    path: "/tenantId/oauth2/v2.0/token",
+  },
+};
+export const CUSTOM_AUTH_USER_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
+  google: {
+    host: "www.googleapis.com",
+    path: "/oauth2/v2/userinfo",
+  },
+  github: {
+    host: "api.github.com",
+    path: "/user",
+  },
+  aad: {
+    host: "graph.microsoft.com",
+    path: "/oidc/userinfo",
+  },
+};
+export const CUSTOM_AUTH_ISS_MAPPING: AuthIdentityIssHosts = {
+  google: "https://account.google.com",
+  github: "",
+  aad: "https://graph.microsoft.com",
+};
+
 export const AUTH_STATUS = {
   NoAuth: 0,
   HostNameAuthLogin: 1,

src/msha/auth/index.ts

@@ -2,27 +2,30 @@ import type http from "node:http";
 import { serializeCookie } from "../../core/utils/cookie.js";
 import { logger } from "../../core/utils/logger.js";
 import { response as newResponse } from "../../core/utils/net.js";
+import { SUPPORTED_CUSTOM_AUTH_PROVIDERS } from "../../core/constants.js";
 
 function getAuthPaths(isCustomAuth: boolean): Path[] {
   const paths: Path[] = [];
 
   if (isCustomAuth) {
+    const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.join("|");
+
     paths.push({
       method: "GET",
-      // only match for providers with custom auth support implemented (github, google)
-      route: /^\/\.auth\/login\/(?<provider>github|google|dummy)\/callback(\?.*)?$/i,
+      // only match for providers with custom auth support implemented (github, google, aad)
+      route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})/callback(\\?.*)?$`, "i"),
       function: "auth-login-provider-callback",
     });
     paths.push({
       method: "GET",
-      // only match for providers with custom auth support implemented (github, google)
-      route: /^\/\.auth\/login\/(?<provider>github|google|dummy)(\?.*)?$/i,
+      // only match for providers with custom auth support implemented (github, google, aad)
+      route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})(\\?.*)?$`, "i"),
       function: "auth-login-provider-custom",
     });
     paths.push({
       method: "GET",
       // For providers with custom auth support not implemented, revert to old behavior
-      route: /^\/\.auth\/login\/(?<provider>aad|twitter|facebook|[a-z]+)(\?.*)?$/i,
+      route: /^\/\.auth\/login\/(?<provider>twitter|facebook|[a-z]+)(\?.*)?$/i,
       function: "auth-login-provider",
     });
     paths.push({
@@ -33,7 +36,7 @@ function getAuthPaths(isCustomAuth: boolean): Path[] {
   } else {
     paths.push({
       method: "GET",
-      route: /^\/\.auth\/login\/(?<provider>aad|github|twitter|google|facebook|[a-z]+)(\?.*)?$/i,
+      route: /^\/\.auth\/login\/(?<provider>github|twitter|google|facebook|[a-z]+)(\?.*)?$/i,
       function: "auth-login-provider",
     });
   }