I am currently implementing an authentication server using the passport-microsoft strategy. I would like to pass a nonce parameter to the OAuth flow to enhance security and mitigate replay attacks.
However, I couldn't find a way to include the nonce parameter in the authorization request using the current implementation of the strategy. Is there a supported way to add the nonce parameter to the OAuth flow, or would it require a custom implementation?
Any guidance or clarification on this would be greatly appreciated.
Thank you!
@hassan-attar I had a similar issue with forcing the auth flow to re-prompt the user to approve the permissions grant. I was able to solve this by setting the authorizationURL in the strategy's config.
```javascript
microsoftGraph: {
  authorizationURL: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=consent',
  // ... other config params
}
```
In short, you can add query params to the authorizationURL at config time. This isn't a straightforward way to add a nonce, but it does give you a path to dynamically configure the strategy during the auth flow to set a nonce as you go.
Alternatively, fork the repo and add the capability.