Web app for registering user phone numbers for Multi-Factor Authentication in Azure Active Directory externally.

This app allows users to add a phone number for MFA without MFA.

This app consists of a frontend application and REST API endpoints.
The frontend application, running on user browsers, is coded in JavaScript (ES6: ECMAScript 2015) using React.
The REST API endpoints are provided by a server-side application implemented in Ruby using Sinatra, which calls Microsoft Graph API to add and update a phone number to a user.

Caution: You MUST protect this app with some user authentication by means other than Azure AD.

• Web browsers supporting ES6

• Ruby >= 2.7

• Node.js >= 14.0.0

Register an application in the Azure portal and grant it UserAuthenticationMethod.ReadWrite.All permission, for the server-side applicaiton to access Microsoft Graph API.
You need either a certificate assertion or a client secret as a credential for application authentication.
For computing a client assertion for a certificate, you can use msidp-cert2assertion command in msidp-endpoint gem.
See Microsoft documents, for details of application registration.

Ref:

• Quickstart: Register an application with the Microsoft identity platform
• Quickstart: Configure a client application to access a web API

1. Checkout this repository.

   git clone https://github.com/simayosi/aad-authphone-reg
   cd aad-authphone-reg

2. Build the frontend application.

   cd app; yarn build

3. Upload files under app/build to your web server.
4. Upload files under api to your web server.
5. Install required ruby gems in the directory you copied api on your server.

   bundle install

6. Configure your web server to route /api to the port 9292.
7. Start the server-side application as an HTTP server with required environment variables.

   export MSGRAPH_TENANT=yourtenant.onmicrosoft.com    # tenant ID
   export MSGRAPH_CLIENT_ID=client_ID      # assigned application (client) ID
   export MSGRAPH_CLIENT_ASSERTION=JWT_assertion_string    # in certificate assertion case
   export MSGRAPH_CLIENT_SECRET=client_secret  # in client secret case
   bundle exec rackup

8. Start your web server.

This sample is for test purposes only.

Create app_config.rb file in api directory on your server.

app.use Rack::Auth::Basic do true end

Configure your nginx.

http {
    server {
        ...
        location / {
            root   /path/to/uploaded/build/directory;
            index  index.html;
            auth_basic "Authentication required";
            auth_basic_user_file htpasswd;
        }
        ...
        location /api/ {
            proxy_pass http://localhost:9292/;
        }
    }
}

See app/README.md and api/README.md.