2.0.0 • Published 3 years ago

@financial-times/ed-tech-auth v2.0.0

Weekly downloads
88
License
ISC
Repository
github
Last release
3 years ago

ed-tech-auth

Authentication middleware for use with editorial tech internal tools

Basic Usage

  1. Install the package in your project

    npm install @financial-times/ed-tech-auth

  2. Configure the .env file in your project with the required authentication settings (see the "Configuration" section below). To use with Okta, set the following:

    AUTH_METHOD=okta

  3. Require the package on your server

    const EdTechAuth = require("@financial-times/ed-tech-auth");

  4. Initialize the authentication, passing the app as a parameter

    const express = require("express");
    const app = express();
    const auth = new EdTechAuth(app);

  5. Whenever the app or a route requires authentication, use

    app.use(auth.middleware);

Configuration

Configuration is done through the .env file or environment variables in your project. The required configuration variables depend on the value of the AUTH_METHOD environment variable.

Auth0

AUTH_METHOD=auth0
AUTH_BEHIND_PROXY=[ should be set to true on Heroku or behind a proxy. Defaults to false ]
AUTH0_DOMAIN=[ Your Auth0 domain here ]
AUTH0_CLIENT_ID=[ Your Auth0 client ID here ]
AUTH0_CLIENT_SECRET=[ Auth0 client secret here ]
AUTH0_CALLBACK_URL=[ full url for callback after authentication, defaults to /callback with http protocol ]
SESSION_SECRET=[ A secret phrase used to sign the session ID cookie ]
SESSION_MAX_TIME_MS=[ Time after which the session must revalidate with Auth0. Defaults to an hour ]

To get the required client ID, secret and domain check out your App's settings on Auth0.

Okta

AUTH_METHOD=okta
AUTH_APP_BASE_URL=[ Base URL for the app to be used by Okta ]
AUTH_BEHIND_PROXY=[ should be set to true on Heroku or behind a proxy. Defaults to false ]
AUTH_ALLOW_IFRAME=[ should be set to true if the application will be displayed within an iframe. Defaults to false ]
OKTA_CLIENT_ID=[ Your Okta client ID here ]
OKTA_CLIENT_SECRET=[ Okta client secret here ]
OKTA_ISSUER_URL=[ Okta issuer URL here ]
OKTA_SCOPE=[ Okta scope. Defaults to "openid offline_access" ]
SESSION_SECRET=[ A secret phrase used to sign the session ID cookie ]
SESSION_MAX_TIME_MS=[ Cookie expiration time. Defaults to 12 hours. Should not be changed without talking to CyberSec ]

Finding the username of logged in user

The username can be found in req.locals.username. With Okta, you have to include email as an auth scope to get the username.
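
A startup check for the settings documented above, as an added example that is not part of the ed-tech-auth package. checkAuthEnv is a hypothetical helper, the sample values are constructed, and treating every variable without a documented default as required is an assumption.

```javascript
// Added example: preflight check for the variables documented above.
// checkAuthEnv and its messages are hypothetical, not part of ed-tech-auth.
const TWELVE_HOURS_MS = 12 * 60 * 60 * 1000; // documented Okta default

// Assumption: a variable with no documented default is required.
const REQUIRED = {
  auth0: ["AUTH0_DOMAIN", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET", "SESSION_SECRET"],
  okta: ["AUTH_APP_BASE_URL", "OKTA_CLIENT_ID", "OKTA_CLIENT_SECRET", "OKTA_ISSUER_URL", "SESSION_SECRET"],
};

function checkAuthEnv(env, { needsUsername = false } = {}) {
  const errors = [];
  const warnings = [];
  const method = env.AUTH_METHOD;
  if (!Object.keys(REQUIRED).includes(method)) {
    errors.push(`AUTH_METHOD=${method} is not one of: ${Object.keys(REQUIRED).join(", ")}`);
    return { errors, warnings };
  }
  for (const name of REQUIRED[method]) {
    if (!env[name] || !env[name].trim()) errors.push(`${name} is not set`);
  }
  if (method === "okta") {
    const scopes = (env.OKTA_SCOPE || "openid offline_access").split(/\s+/);
    if (needsUsername && !scopes.includes("email")) {
      warnings.push("OKTA_SCOPE lacks 'email'; the username will not be available");
    }
    const maxMs = env.SESSION_MAX_TIME_MS;
    if (maxMs !== undefined && Number(maxMs) !== TWELVE_HOURS_MS) {
      warnings.push("SESSION_MAX_TIME_MS differs from the 12 hour default; confirm with CyberSec");
    }
  }
  if (method === "auth0" && !/^https:\/\//.test(env.AUTH0_CALLBACK_URL || "")) {
    warnings.push("AUTH0_CALLBACK_URL is not https; the default callback uses http");
  }
  return { errors, warnings };
}

// Constructed sample environment (placeholder values, not real credentials).
const sampleEnv = {
  AUTH_METHOD: "okta",
  AUTH_APP_BASE_URL: "https://tool.example.com",
  OKTA_CLIENT_ID: "placeholder-client-id",
  OKTA_ISSUER_URL: "https://example.okta.com/oauth2/default",
  SESSION_SECRET: "placeholder-session-secret",
  SESSION_MAX_TIME_MS: "86400000",
};
console.log(checkAuthEnv(sampleEnv, { needsUsername: true }));
```

Run it against process.env before constructing EdTechAuth and refuse to start when errors is non-empty.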

2.0.0

3 years ago

2.0.0-alpha.0

3 years ago

1.7.0

3 years ago

1.6.0

4 years ago

1.5.0

4 years ago

1.4.1

4 years ago

1.4.0

4 years ago

1.3.0

4 years ago

1.2.0

4 years ago

1.1.0

4 years ago

1.0.2

4 years ago

1.0.1

4 years ago

1.0.3

4 years ago

1.0.0

4 years ago