DEV Community: Aamir Khan The latest articles on DEV Community by Aamir Khan (@aamirkhancr7). https://dev.to/aamirkhancr7 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F547335%2F8f1b5d33-0116-4338-b402-644fb79ef401.jpeg DEV Community: Aamir Khan https://dev.to/aamirkhancr7 en Understanding JWT and Validating Tokens with Expiry Dates Aamir Khan Tue, 25 Jun 2024 08:54:04 +0000 https://dev.to/aamirkhancr7/understanding-jwt-and-validating-tokens-with-expiry-dates-232 https://dev.to/aamirkhancr7/understanding-jwt-and-validating-tokens-with-expiry-dates-232 <p>JSON Web Tokens (JWT) are widely used for secure data transmission and authentication in modern web applications. This guide will provide an overview of JWT and demonstrate how to validate tokens with expiry dates, including examples with Microsoft Azure AD and Azure AD B2C tokens.</p> <h4> What is JWT? </h4> <p>JWT stands for JSON Web Token. It is a compact, URL-safe means of representing claims to be transferred between two parties. The token is digitally signed, so the information is verifiable and trusted.</p> <h4> Structure of JWT </h4> <p>A JWT consists of three parts separated by dots (.):</p> <ol> <li><strong>Header</strong></li> <li><strong>Payload</strong></li> <li><strong>Signature</strong></li> </ol> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>xxxxx.yyyyy.zzzzz </code></pre> </div> <h5> Header </h5> <p>The header typically consists of two parts: the type of token (JWT) and the signing algorithm (e.g., HMAC SHA256 or RSA).</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HS256"</span><span class="p">,</span><span class="w"> </span><span class="nl">"typ"</span><span class="p">:</span><span class="w"> </span><span class="s2">"JWT"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h5> Payload </h5> <p>The payload contains the claims, which are statements about an entity (typically the user) and additional data. Common claims include <code>sub</code> (subject), <code>name</code>, and <code>exp</code> (expiration time).</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"sub"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1234567890"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"John Doe"</span><span class="p">,</span><span class="w"> </span><span class="nl">"admin"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">1516239022</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h5> Signature </h5> <p>The signature is created using the encoded header, the encoded payload, a secret, and the specified algorithm.</p> <h4> How JWT Works </h4> <ol> <li> <strong>Authentication</strong>: The server issues a token upon successful authentication.</li> <li> <strong>Storage</strong>: The client stores the token, usually in sessionStorage.</li> <li> <strong>Subsequent Requests</strong>: The client sends the token in the Authorization header of each request.</li> <li> <strong>Verification</strong>: The server verifies the token's signature and decodes the payload to authorize the request.</li> </ol> <h4> Example with JavaScript </h4> <p>Let's see an example of creating, sending, and verifying a JWT in a Node.js application, including validating the token based on its expiry date.</p> <p><strong>Server Side (Node.js)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">secretKey</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">your-256-bit-secret</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Create a token</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">john.doe</span><span class="dl">'</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">john.doe@example.com</span><span class="dl">'</span> <span class="p">},</span> <span class="nx">secretKey</span><span class="p">,</span> <span class="p">{</span> <span class="na">algorithm</span><span class="p">:</span> <span class="dl">'</span><span class="s1">HS256</span><span class="dl">'</span><span class="p">,</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1h</span><span class="dl">'</span> <span class="c1">// Token expires in 1 hour</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">token</span><span class="p">);</span> </code></pre> </div> <p><strong>Client Side (JavaScript)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Store the token in sessionStorage</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">your-generated-jwt-token</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Send the token with a request</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">);</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected-endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">));</span> </code></pre> </div> <p><strong>Server Side (Node.js) - Verifying Token with Expiry Date</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">secretKey</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">your-256-bit-secret</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Middleware to verify the token</span> <span class="kd">const</span> <span class="nx">verifyToken</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">authHeader</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">secretKey</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">TokenExpiredError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Token has expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Authorization header not found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> <span class="c1">// Protected route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected-endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifyToken</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">This is a protected endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h4> Example with Microsoft (Azure AD) Token </h4> <p>Microsoft's Azure Active Directory (Azure AD) issues JWT tokens for authentication and authorization. Let's see how to acquire and verify an Azure AD token, including validating the token based on its expiry date.</p> <p><strong>Step 1: Acquiring an Azure AD Token</strong></p> <p>To acquire a token, you must authenticate against Azure AD. You can use Microsoft's <code>msal</code> library for this.</p> <p><strong>Client Side (JavaScript)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">msal</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@azure/msal-browser</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">msalConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">clientId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">your-client-id</span><span class="dl">'</span><span class="p">,</span> <span class="na">authority</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://login.microsoftonline.com/your-tenant-id</span><span class="dl">'</span><span class="p">,</span> <span class="na">redirectUri</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">msalInstance</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">msal</span><span class="p">.</span><span class="nc">PublicClientApplication</span><span class="p">(</span><span class="nx">msalConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">loginRequest</span> <span class="o">=</span> <span class="p">{</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">User.Read</span><span class="dl">"</span><span class="p">]</span> <span class="p">};</span> <span class="nx">msalInstance</span><span class="p">.</span><span class="nf">loginPopup</span><span class="p">(</span><span class="nx">loginRequest</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Access Token:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">);</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">msalToken</span><span class="dl">'</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Login failed:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Step 2: Sending the Token with Requests</strong></p> <p><strong>Client Side (JavaScript)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">msalToken</span><span class="dl">'</span><span class="p">);</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected-endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">));</span> </code></pre> </div> <p><strong>Step 3: Verifying the Token on the Server</strong></p> <p><strong>Server Side (Node.js) - Verifying Token with Expiry Date</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">jwksClient</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwks-rsa</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Middleware to verify the token</span> <span class="kd">const</span> <span class="nx">verifyAzureADToken</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Authorization header not found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">decodedToken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">complete</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decodedToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">jwksClient</span><span class="p">({</span> <span class="na">jwksUri</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://login.microsoftonline.com/your-tenant-id/discovery/v2.0/keys</span><span class="dl">'</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">kid</span> <span class="o">=</span> <span class="nx">decodedToken</span><span class="p">.</span><span class="nx">header</span><span class="p">.</span><span class="nx">kid</span><span class="p">;</span> <span class="nx">client</span><span class="p">.</span><span class="nf">getSigningKey</span><span class="p">(</span><span class="nx">kid</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">key</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to get signing key</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">signingKey</span> <span class="o">=</span> <span class="nx">key</span><span class="p">.</span><span class="nf">getPublicKey</span><span class="p">();</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">signingKey</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">TokenExpiredError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Token has expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> <span class="p">});</span> <span class="p">};</span> <span class="c1">// Protected route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected-endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifyAzureADToken</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">This is a protected endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h4> Example with Azure AD B2C </h4> <p>Azure AD B2C (Business to Consumer) is a cloud identity management solution for your consumer-facing web and mobile applications. It enables you to customize and control how customers sign up, sign in, and manage their profiles.</p> <p><strong>Step 1: Acquiring an Azure AD B2C Token</strong></p> <p><strong>Client Side (JavaScript)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">msal</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@azure/msal-browser</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">msalConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">clientId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">your-client-id</span><span class="dl">'</span><span class="p">,</span> <span class="na">authority</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/B2C_1_signupsignin1</span><span class="dl">'</span><span class="p">,</span> <span class="na">redirectUri</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span> <span class="p">}</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">msalInstance</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">msal</span><span class="p">.</span><span class="nc">PublicClientApplication</span><span class="p">(</span><span class="nx">msalConfig</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">loginRequest</span> <span class="o">=</span> <span class="p">{</span> <span class="na">scopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://your-tenant-name.onmicrosoft.com/api/read</span><span class="dl">"</span><span class="p">]</span> <span class="p">};</span> <span class="nx">msalInstance</span><span class="p">.</span><span class="nf">loginPopup</span><span class="p">(</span><span class="nx">loginRequest</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Access Token:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">);</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">b2cToken</span><span class="dl">'</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Login failed:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Step 2: Sending the Token with Requests</strong></p> <p><strong>Client Side (JavaScript)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">b2cToken</span><span class="dl">'</span><span class="p">);</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected-endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">));</span> </code></pre> </div> <p><strong>Step 3: Verifying the Token on the Server</strong></p> <p><strong>Server Side (Node.js) - Verifying Token with Expiry Date</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">jwksClient</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jwks-rsa</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Middleware to verify the token</span> <span class="kd">const</span> <span class="nx">verifyB2CToken</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authHeader</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">authorization</span><span class="dl">'</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authHeader</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Authorization header not found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">authHeader</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">decodedToken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="p">{</span> <span class="na">complete</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">decodedToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">jwksClient</span><span class="p">({</span> <span class="na">jwksUri</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/discovery/v2.0/keys</span><span class="dl">'</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">kid</span> <span class="o">=</span> <span class="nx">decodedToken</span><span class="p">.</span><span class="nx">header</span><span class="p">.</span><span class="nx">kid</span><span class="p">;</span> <span class="nx">client</span><span class="p">.</span><span class="nf">getSigningKey</span><span class="p">(</span><span class="nx">kid</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">key</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to get signing key</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">signingKey</span> <span class="o">=</span> <span class="nx">key</span><span class="p">.</span><span class="nf">getPublicKey</span><span class="p">();</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">signingKey</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">TokenExpiredError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Token has expired</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid token</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">user</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> <span class="p">});</span> <span class="p">};</span> <span class="c1">// Protected route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/protected-endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifyB2CToken</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">This is a protected endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h3> Conclusion </h3> <p>JWT provides a powerful and secure way to handle authentication and authorization in modern web applications. By understanding its structure and usage, you can efficiently implement JWT in your applications, including those integrating with Microsoft Azure AD and Azure AD B2C. This guide has shown you how to create, send, and verify JWTs in a Node.js environment, how to validate tokens based on their expiry date, and how to work with Azure AD and Azure AD B2C tokens using <code>sessionStorage</code> for client-side token storage.</p> javascript azure jwt node Securely Update a PostgreSQL Database on Azure Using Azure DevOps Pipelines Aamir Khan Thu, 13 Jun 2024 13:16:46 +0000 https://dev.to/aamirkhancr7/securely-update-a-postgresql-database-on-azure-using-azure-devops-pipelines-4fp5 https://dev.to/aamirkhancr7/securely-update-a-postgresql-database-on-azure-using-azure-devops-pipelines-4fp5 <p>In modern cloud environments, ensuring the security of your database credentials while maintaining automated CI/CD workflows is crucial. In this guide, we'll walk you through the process of using Azure DevOps pipelines to securely update and modify a PostgreSQL database hosted on Azure. We'll leverage Azure Key Vault to securely store and retrieve your database credentials during the pipeline execution.</p> <h2> Prerequisites </h2> <p>Before we start, ensure you have the following:</p> <ol> <li>An Azure DevOps account and project.</li> <li>An Azure subscription with a PostgreSQL database set up.</li> <li>An Azure Key Vault to store your PostgreSQL credentials.</li> <li>SQL scripts ready for modifying your PostgreSQL database.</li> </ol> <h2> Step 1: Store Secrets in Azure Key Vault </h2> <p>First, securely store your PostgreSQL username and password in Azure Key Vault.</p> <ol> <li>Navigate to your Azure Key Vault in the Azure portal.</li> <li>Go to the Secrets section and add two secrets: <ul> <li> <code>PGUSER</code>: Your PostgreSQL username.</li> <li> <code>PGPASSWORD</code>: Your PostgreSQL password.</li> </ul> </li> </ol> <h2> Step 2: Set Up Azure Service Connection in Azure DevOps </h2> <p>Next, set up a service connection in Azure DevOps to allow access to your Azure resources.</p> <ol> <li>Go to your Azure DevOps project.</li> <li>Navigate to Project Settings &gt; Service connections.</li> <li>Create a new service connection for Azure Resource Manager.</li> <li>Select the appropriate subscription and resource group that contains your Key Vault.</li> <li>Grant the service connection access to the Key Vault.</li> </ol> <h2> Step 3: Configure Key Vault Access Policy </h2> <p>Ensure Azure DevOps has permission to read the secrets from your Key Vault.</p> <ol> <li>Navigate to your Azure Key Vault in the Azure portal.</li> <li>Under Access policies, add a new access policy.</li> <li>Select the Get permission for secrets.</li> <li>Choose the service principal associated with your Azure DevOps service connection.</li> </ol> <h2> Step 4: Define the Pipeline in YAML </h2> <p>Now, define your pipeline in YAML to automate the process of updating your PostgreSQL database.</p> <p>Here's an example of the YAML pipeline definition:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">trigger</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">pool</span><span class="pi">:</span> <span class="na">vmImage</span><span class="pi">:</span> <span class="s1">'</span><span class="s">ubuntu-latest'</span> <span class="na">variables</span><span class="pi">:</span> <span class="na">PGHOST</span><span class="pi">:</span> <span class="s1">'</span><span class="s">your-postgresql-server.postgres.database.azure.com'</span> <span class="na">PGDATABASE</span><span class="pi">:</span> <span class="s1">'</span><span class="s">your-database-name'</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">task</span><span class="pi">:</span> <span class="s">UsePythonVersion@0</span> <span class="na">inputs</span><span class="pi">:</span> <span class="na">versionSpec</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.x'</span> <span class="na">addToPath</span><span class="pi">:</span> <span class="kc">true</span> <span class="pi">-</span> <span class="na">task</span><span class="pi">:</span> <span class="s">AzureKeyVault@1</span> <span class="na">inputs</span><span class="pi">:</span> <span class="na">azureSubscription</span><span class="pi">:</span> <span class="s1">'</span><span class="s">&lt;your-service-connection-name&gt;'</span> <span class="na">KeyVaultName</span><span class="pi">:</span> <span class="s1">'</span><span class="s">&lt;your-key-vault-name&gt;'</span> <span class="na">SecretsFilter</span><span class="pi">:</span> <span class="s1">'</span><span class="s">PGUSER,PGPASSWORD'</span> <span class="pi">-</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">sudo apt-get update</span> <span class="s">sudo apt-get install -y postgresql-client</span> <span class="na">displayName</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Install</span><span class="nv"> </span><span class="s">PostgreSQL</span><span class="nv"> </span><span class="s">Client'</span> <span class="pi">-</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">psql "sslmode=require host=$PGHOST dbname=$PGDATABASE user=$(PGUSER) password=$(PGPASSWORD)" -f path/to/your/script.sql</span> <span class="na">displayName</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Run</span><span class="nv"> </span><span class="s">SQL</span><span class="nv"> </span><span class="s">Script'</span> <span class="na">env</span><span class="pi">:</span> <span class="na">PGPASSWORD</span><span class="pi">:</span> <span class="s">$(PGPASSWORD)</span> </code></pre> </div> <h3> Explanation of YAML Pipeline </h3> <ol> <li> <p><strong>Trigger:</strong></p> <ul> <li>The pipeline triggers on changes to the <code>main</code> branch.</li> </ul> </li> <li> <p><strong>Pool:</strong></p> <ul> <li>Specifies the VM image to use for the pipeline.</li> </ul> </li> <li> <p><strong>Variables:</strong></p> <ul> <li>Defines the PostgreSQL host and database name.</li> </ul> </li> <li> <p><strong>UsePythonVersion Task:</strong></p> <ul> <li>Ensures Python is available in the pipeline (optional step depending on further needs).</li> </ul> </li> <li> <p><strong>AzureKeyVault Task:</strong></p> <ul> <li>Fetches the <code>PGUSER</code> and <code>PGPASSWORD</code> secrets from the specified Key Vault using the defined service connection.</li> </ul> </li> <li> <p><strong>Install PostgreSQL Client:</strong></p> <ul> <li>Installs the PostgreSQL client on the build agent.</li> </ul> </li> <li> <p><strong>Run SQL Script:</strong></p> <ul> <li>Uses the <code>psql</code> command to execute the SQL script, passing the retrieved PostgreSQL user and password as environment variables.</li> </ul> </li> </ol> <h2> Step 5: Securely Reference Secrets </h2> <p>By using the <code>AzureKeyVault</code> task, the secrets <code>PGUSER</code> and <code>PGPASSWORD</code> are securely retrieved and can be used in subsequent steps within the pipeline. Ensure the names used in <code>SecretsFilter</code> match the secret names in Azure Key Vault.</p> <h2> Step 6: Commit and Run the Pipeline </h2> <ol> <li>Commit your changes to the repository.</li> <li>Go to Pipelines and select your pipeline.</li> <li>Run the pipeline.</li> </ol> <h2> Conclusion </h2> <p>By following these steps, you can securely automate the process of updating and modifying your PostgreSQL database hosted on Azure using Azure DevOps pipelines. Leveraging Azure Key Vault ensures that your database credentials are securely managed, enhancing the security of your CI/CD process. With this setup, you can maintain a seamless and secure workflow, ensuring that your database modifications are consistently applied without exposing sensitive information.</p> azure postgres devops Deploying a Vue or React App Using Azure Static Web Apps and Azure DevOps Aamir Khan Sun, 02 Jun 2024 15:46:46 +0000 https://dev.to/aamirkhancr7/deploying-a-vue-or-react-app-using-azure-static-web-apps-and-azure-devops-5edi https://dev.to/aamirkhancr7/deploying-a-vue-or-react-app-using-azure-static-web-apps-and-azure-devops-5edi <p>Deploying a frontend application with Azure Static Web Apps integrated with Azure DevOps leverages the power of continuous integration and continuous deployment (CI/CD). This guide will walk you through the detailed steps to achieve a seamless deployment of your Vue or React application.</p> <h3> Step 1: Log into Azure Portal </h3> <ol> <li>Access the <a href="https://portal.azure.com/" rel="noopener noreferrer">Azure Portal</a>.</li> <li>Navigate to <strong>App Services</strong> and select <strong>Static Web App</strong>. </li> </ol> <h3> Step 2: Select or Create a Resource Group </h3> <ol> <li>Choose an existing resource group if available.</li> <li>To create a new resource group, click on <strong>Create new</strong>. Use a clear and consistent naming convention (e.g., <code>rg-myproject-prod</code>).</li> </ol> <h3> Step 3: Configure Static Web App </h3> <ol> <li>Enter a unique name for your Static Web App.</li> <li>Choose the appropriate hosting plan: <ul> <li><strong>Free</strong></li> <li><strong>Standard</strong></li> <li> <strong>Dedicated</strong> Click <strong>Compare plans</strong> to understand the differences and select the best option.</li> </ul> </li> </ol> <h3> Step 4: Set Up Deployment with Azure DevOps </h3> <ol> <li>Under <strong>Deployment details</strong>, select <strong>Azure DevOps</strong>.</li> <li>Authenticate and choose your Azure DevOps organization.</li> <li>Select the project, repository, and branch for the deployment.</li> </ol> <h3> Step 5: Configure Build Details </h3> <ol> <li>Select from the available build presets or configure a custom build preset.</li> <li>Define the <strong>App location</strong>: <ul> <li> <code>/</code> if the code is in the root directory</li> <li> <code>/app</code> if the code is in a folder named <code>app</code> </li> </ul> </li> <li>Specify the <strong>API location</strong>: <ul> <li> <code>/api</code> if you have Azure Functions code in an <code>api</code> folder.</li> </ul> </li> <li>Set the <strong>Output location</strong>: <ul> <li>For example, if the build output is in <code>build</code> within the app directory, set it to <code>build</code>.</li> </ul> </li> </ol> <h3> Step 6: Advanced Deployment Settings </h3> <ol> <li>If uncertain about some deployment details, select <strong>Other</strong> to allow post-deployment adjustments.</li> <li>Click <strong>Next: Advanced</strong> to choose the region for Azure Functions and configure staging environments.</li> </ol> <h3> Step 7: Add Tags and Review </h3> <ol> <li>Add relevant tags for resource management and tracking.</li> <li>Click <strong>Next</strong> to review all configurations.</li> <li>If everything is correct, click <strong>Create</strong> to initiate the deployment.</li> </ol> <h3> Step 8: Deployment Process </h3> <ol> <li>You will be redirected to a deployment page.</li> <li>Wait for the deployment to complete. This can take a few minutes.</li> <li>Once completed, a notification saying "Your Deployment is complete" will appear.</li> <li>Click <strong>Go to Resource</strong> to navigate to your newly created Static Web App.</li> </ol> <h3> Step 9: Verify Azure DevOps Pipeline </h3> <ol> <li>Navigate to your Azure DevOps project.</li> <li>Inspect the pipeline for any failures or issues.</li> <li>Click on <strong>Deployment history</strong> to view Azure DevOps pipeline runs.</li> <li>Your repository will automatically be added with a YAML file. Review and modify this file to: <ul> <li>Add deployment approval checks.</li> <li>Configure different deployment slots (e.g., staging and production).</li> <li>To add a staging slot, include <code>deployment_environment: staging</code> under the <code>AzureStaticWebApp@0</code> task in the YAML file.</li> </ul> </li> </ol> <h3> Step 10: Verify and Access Your Deployed App </h3> <ol> <li>Once the pipeline run is successful, return to the Azure portal.</li> <li>Navigate to <strong>Static Web Apps</strong> and select your deployed application.</li> <li>In the <strong>Overview</strong> section, click on the provided URL to view your web application.</li> </ol> <h3> Conclusion </h3> <p>Deploying a Vue or React application using Azure Static Web Apps combined with Azure DevOps provides a robust CI/CD pipeline, ensuring your app remains up-to-date with the latest code changes. This integration facilitates streamlined deployments, efficient resource management, and enhanced collaboration within your development team.</p> <h3> References </h3> <ul> <li><a href="https://docs.microsoft.com/en-us/azure/static-web-apps/" rel="noopener noreferrer">Azure Static Web Apps Documentation</a></li> <li><a href="https://docs.microsoft.com/en-us/azure/devops/?view=azure-devops" rel="noopener noreferrer">Azure DevOps Documentation</a></li> </ul> <p>This comprehensive deployment approach not only simplifies the process but also ensures a scalable and maintainable solution for modern web applications.</p> <h3> Sample <code>.yaml</code> for reference </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Azure Static Web Apps CI/CD</span> <span class="na">pr</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">trigger</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">jobs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job</span><span class="pi">:</span> <span class="s">build_and_deploy_job</span> <span class="na">displayName</span><span class="pi">:</span> <span class="s">Build and Deploy Job</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">or(eq(variables['Build.Reason'], 'Manual'),or(eq(variables['Build.Reason'], 'PullRequest'),eq(variables['Build.Reason'], 'IndividualCI')))</span> <span class="na">pool</span><span class="pi">:</span> <span class="na">vmImage</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">variables</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">group</span><span class="pi">:</span> <span class="s">Azure-Static-Web-Apps</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">checkout</span><span class="pi">:</span> <span class="s">self</span> <span class="na">submodules</span><span class="pi">:</span> <span class="kc">true</span> <span class="pi">-</span> <span class="na">task</span><span class="pi">:</span> <span class="s">AzureStaticWebApp@0</span> <span class="na">inputs</span><span class="pi">:</span> <span class="na">azure_static_web_apps_api_token</span><span class="pi">:</span> <span class="s">$(AZURE_STATIC_WEB_APPS_API_TOKEN_DELIGHTFUL_BAY_02378850F)</span> <span class="c1">###### Repository/Build Configurations - These values can be configured to match your app requirements. ######</span> <span class="c1"># For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig</span> <span class="na">app_location</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/"</span> <span class="c1"># App source code path</span> <span class="na">api_location</span><span class="pi">:</span> <span class="s2">"</span><span class="s">"</span> <span class="c1"># Api source code path - optional</span> <span class="na">output_location</span><span class="pi">:</span> <span class="s2">"</span><span class="s">dist"</span> <span class="c1"># Built app content directory - optional</span> </code></pre> </div> azurestaticwebapps vue azure devops How to Create, Configure, and Manage a Self-Hosted Agent in Azure DevOps Aamir Khan Sun, 02 Jun 2024 15:37:41 +0000 https://dev.to/aamirkhancr7/how-to-create-configure-and-manage-a-self-hosted-agent-in-azure-devops-2280 https://dev.to/aamirkhancr7/how-to-create-configure-and-manage-a-self-hosted-agent-in-azure-devops-2280 <p>In the intricate realm of DevOps, flexibility and granular control over your build and deployment processes are essential. While Azure DevOps offers robust cloud-hosted agents, there are scenarios where self-hosted agents become indispensable. Whether it’s for specific tool integrations, customized configurations, or compliance with stringent security policies, self-hosted agents provide the ultimate control. This guide will walk you through setting up a self-hosted agent in Azure DevOps, enriched with best practices, detailed steps, and management tips.</p> <h2> Prerequisites </h2> <p>Before diving in, ensure you have the following prerequisites:</p> <ol> <li> <strong>Azure DevOps Account</strong>: Create one at <a href="https://azure.microsoft.com/en-us/services/devops/" rel="noopener noreferrer">Azure DevOps</a> if you haven’t already.</li> <li> <strong>Agent Machine</strong>: A physical or virtual machine running Windows, macOS, or Linux.</li> <li> <strong>Network and Permissions</strong>: Ensure the machine has internet access and administrative permissions to install software.</li> </ol> <h2> Step 1: Create a Personal Access Token (PAT) </h2> <p>To authenticate your self-hosted agent with Azure DevOps, you need a Personal Access Token (PAT).</p> <ol> <li><strong>Navigate to your Azure DevOps organization settings.</strong></li> <li><strong>Select "Personal Access Tokens" under the "Security" tab.</strong></li> <li><strong>Click on "New Token".</strong></li> <li> <strong>Set the appropriate scopes</strong> (e.g., Agent Pools (read, manage)) and create the token.</li> <li> <strong>Copy the token</strong> and store it securely.</li> </ol> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fku1e52674m879n34okx7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fku1e52674m879n34okx7.png" alt="Image description" width="800" height="103"></a></p> <h2> Step 2: Download the Agent Package </h2> <p>On your agent machine:</p> <ol> <li>Navigate to your Azure DevOps project.</li> <li>Go to <strong>Project Settings</strong> &gt; <strong>Agent pools</strong>.</li> <li>Select the desired agent pool or create a new one.</li> <li>Click on <strong>New Agent</strong>.</li> <li>Download the appropriate agent package for your operating system.</li> </ol> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flxc0vs8xod8m6tvrtjfp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flxc0vs8xod8m6tvrtjfp.png" alt="Image description" width="800" height="782"></a></p> <h2> Step 3: Configure the Agent </h2> <h3> On Windows: </h3> <ol> <li><strong>Extract the downloaded zip file.</strong></li> <li> <strong>Open Command Prompt</strong> and navigate to the extracted directory.</li> <li><strong>Run <code>config.cmd</code>.</strong></li> <li> <strong>Provide the server URL</strong> (e.g., <code>https://dev.azure.com/yourorganization</code>).</li> <li> <strong>Paste the PAT</strong> when prompted.</li> <li> <strong>Configure the agent</strong> with the default options or customize as needed.</li> <li> <strong>Run the agent</strong> by executing <code>run.cmd</code>.</li> </ol> <h3> On Linux: </h3> <ol> <li> <p>Download the file<br> </p> <pre class="highlight shell"><code>wget https://vstsagentpackage.azureedge.net/agent/3.239.1/vsts-agent-osx-x64-3.239.1.tar.gz </code></pre> </li> <li> <p><strong>Extract the downloaded tar.gz file:</strong><br> </p> <pre class="highlight shell"><code><span class="nb">tar </span>zxvf vsts-agent-linux-x64-<span class="k">*</span>.tar.gz </code></pre> </li> <li> <p><strong>Navigate to the extracted directory:</strong><br> </p> <pre class="highlight shell"><code><span class="nb">cd </span>vsts-agent-linux-x64 </code></pre> </li> <li> <p><strong>Run the configuration script:</strong><br> </p> <pre class="highlight shell"><code>./config.sh </code></pre> </li> <li><p><strong>Provide the server URL and PAT</strong> when prompted.</p></li> <li> <p><strong>Configure the agent</strong>, then start it:<br> </p> <pre class="highlight shell"><code>./svc.sh <span class="nb">install</span> ./svc.sh start </code></pre> </li> </ol> <h3> On macOS: </h3> <ol> <li> <p><strong>Extract the downloaded tar.gz file:</strong><br> </p> <pre class="highlight shell"><code><span class="nb">tar </span>zxvf vsts-agent-osx-x64-<span class="k">*</span>.tar.gz </code></pre> </li> <li> <p><strong>Navigate to the extracted directory:</strong><br> </p> <pre class="highlight shell"><code><span class="nb">cd </span>vsts-agent-osx-x64 </code></pre> </li> <li> <p><strong>Run the configuration script:</strong><br> </p> <pre class="highlight shell"><code>./config.sh </code></pre> </li> <li><p><strong>Provide the server URL and PAT</strong> when prompted.</p></li> <li> <p><strong>Configure the agent</strong>, then start it:<br> </p> <pre class="highlight shell"><code>./svc.sh <span class="nb">install</span> ./svc.sh start </code></pre> </li> </ol> <h2> Step 4: Verify Agent Configuration </h2> <p>Back in Azure DevOps:</p> <ol> <li><strong>Navigate to "Project Settings" &gt; "Agent Pools".</strong></li> <li> <strong>Select your pool</strong> and check if the new agent is listed and online.</li> </ol> <h2> Managing the Agent </h2> <h3> Removing the Agent </h3> <p>If you need to remove the agent from your pool:</p> <ol> <li> <strong>Stop the Agent</strong>: <ul> <li>On Windows: Run <code>svc.sh stop</code> or manually stop the service from the Services app.</li> <li>On Linux/macOS: Run <code>./svc.sh stop</code>.</li> </ul> </li> <li> <strong>Unconfigure the Agent</strong>: <ul> <li>Navigate to the agent's directory and run the unconfiguration command: <ul> <li>On Windows: <code>config.cmd remove</code> </li> <li>On Linux/macOS: <code>./config.sh remove</code> </li> </ul> </li> </ul> </li> <li> <strong>Delete the Agent Directory</strong>: <ul> <li>Once unconfigured, you can safely delete the agent's directory to free up space.</li> </ul> </li> </ol> <h3> Reconfiguring the Agent </h3> <p>To reconfigure an existing agent:</p> <ol> <li> <strong>Navigate to the Agent Directory</strong>: <ul> <li>If you haven’t deleted the agent directory, navigate back to it.</li> </ul> </li> <li> <strong>Run the Configuration Command</strong>: <ul> <li>On Windows: <code>config.cmd</code> </li> <li>On Linux/macOS: <code>./config.sh</code> </li> </ul> </li> <li> <strong>Follow the Configuration Steps</strong>: <ul> <li>Provide the server URL and PAT when prompted.</li> <li>Customize the agent settings as needed.</li> </ul> </li> <li> <strong>Start the Agent</strong>: <ul> <li>On Windows: Run <code>run.cmd</code> or start the service from the Services app.</li> <li>On Linux/macOS: Run <code>./svc.sh start</code>.</li> </ul> </li> </ol> <h2> Best Practices </h2> <ol> <li> <strong>Security</strong>: Regularly rotate your PATs and ensure they have the least privilege necessary.</li> <li> <strong>Maintenance</strong>: Keep the agent machine updated with the latest security patches and software updates.</li> <li> <strong>Scalability</strong>: For large teams or complex pipelines, consider setting up multiple agents to distribute the workload.</li> <li> <strong>Monitoring</strong>: Utilize Azure Monitor or other monitoring tools to keep an eye on the health and performance of your self-hosted agents.</li> </ol> <h2> Conclusion </h2> <p>Setting up, configuring, and managing a self-hosted agent in Azure DevOps empowers you with greater control and customization of your CI/CD pipelines. It’s a straightforward process that opens up a world of possibilities for optimizing your development workflow. Whether you're integrating specific tools, enhancing security, or boosting performance, a self-hosted agent is a powerful addition to your DevOps toolkit.</p> <p>Happy DevOps-ing!</p> azure devops webdev javascript Javascript Basics Aamir Khan Tue, 11 Jan 2022 10:05:37 +0000 https://dev.to/aamirkhancr7/javascript-insights-47kj https://dev.to/aamirkhancr7/javascript-insights-47kj <p><strong>Spread Operator</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const boo = [1, 2] const foo = [3, 4] const zoo = [...boo, ...foo] console.log(zoo) // prints [ 1, 2, 3, 4] </code></pre> </div> <p><strong>Arrow Function</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const arrow = (a, b) =&gt; a + b console.log(arrow(2, 10)) // prints 12 </code></pre> </div> <p><strong>Function with Default Parameters</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>function fundef(a = 10) { console.log(a) } fundef() // prints 10 fundef(29) // prints 29 </code></pre> </div> <p><strong>Template literals (Template strings)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const word1 = 'Hello' const word2 = `${word1} World` console.log(word2) // prints "Hello World" </code></pre> </div> <p><strong>String includes()</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>console.log('orange'.includes('ge')); // prints true console.log('orange'.includes('zz')); // prints false </code></pre> </div> <p><strong>String repeat()</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>console.log('ab'.repeat(4)) // prints "abababab" </code></pre> </div> <p><strong>String startsWith()</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>console.log('orange'.includes('or')); // prints true; console.log('orange'.includes('ge')); // prints false; </code></pre> </div> <p><strong>Destructing Array</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>let [a, b] = [1, 2] console.log(a); // prints 1 console.log(b); // prints 2 </code></pre> </div> <p><strong>Destructing Object</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>let obj = { a1: 10, b2: 20 }; let { a1, b2 } = obj; console.log(a1); // prints 10 console.log(b2); // prints 20 </code></pre> </div> <p><strong>Object.assign()</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const obj1 = { q: 12 } const obj2 = { a: 33 } const obj3 = Object.assign({}, obj1, obj2) console.log(obj3); // prints { q:12, a: 33 } </code></pre> </div> <p><strong>Destructuring Nested Objects</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const item = { device: "iPadPro", brand: "apple", year: 2020, accessories: { pencil: "2ndGen", charger: "30W", } } const { accessories: { pencil, charger }, device } = item console.log(device, pencil, charger); // prints "iPadPro 2ndGen 30W" </code></pre> </div> <p><strong>Spread Operator</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const v1 = { firstName: "Web", lastName: "Developer" } const v2 = { ...v1, lastName: "Tips", sex: "NA" } console.log(v1); // prints { firstName: 'Web', lastName: 'Developer' } console.log(v2); // prints { firstName: 'Web', lastName: 'Tips', sex: 'NA' } </code></pre> </div> javascript tutorial webdev programming