I have followed the tutorials to build an Azure AD B2C protected WebAPI. I have a JS client app that requests an id token and then an access token. This works fine.
Now I want to protect my socket.io API using the same method. I can send the access token acquired by the JS client app with each socket.io request to the API.
And this is where my problems begin, because on the API end the recommended method is to use passport, which directly plugs into the express server as a middleware.
But what I would like is to just call a function with the token that I received from the client to verify it:
```typescript
import passport from 'passport';
import { BearerStrategy } from 'passport-azure-ad';
import { Socket } from 'socket.io';

function init() {
  // setup the Azure AD B2C bearer strategy
  const bearerStrategy = new BearerStrategy(msalconfig,
    function (token, done) {
      // Send user info using the second argument
      done(null, {}, token);
    }
  );
  // what else is needed in this case?
  ...
  // register the middleware; it runs once per incoming socket connection
  this.socketNamespace.use(authSockForGroup)
}

// this is called on each socket.io connection
export function authSockForGroup(socket: Socket, next: (err?: any) => any) {
  // extract the token
  const token = socket.handshake.query['token']
  // verify Azure AD B2C token
  if (!passport.verifyToken(token)) // I would need something like this
  {
    // verification of the Azure AD B2C access token failed
    return next(new HttpError(HttpStatusCodes.Forbidden))
  }
  // token accepted: let the connection proceed
  next()
}
```