@financial-times/ed-tech-auth v2.0.0
ed-tech-auth
Authentication middleware for use with editorial tech internal tools
Basic Usage
Install the package in your project
npm install @financial-times/ed-tech-auth
Configure the .env file of your project to contain the required authentication settings (see the "Configuration" section below). To use with Okta, set:
AUTH_METHOD=okta
Require the package on your server
const EdTechAuth = require("@financial-times/ed-tech-auth");
Initialize the authentication, passing the app as a parameter
const express = require("express");
const app = express();
const auth = new EdTechAuth(app);
Whenever the app or a route requires authentication use
app.use(auth.middleware);
Configuration
Configuration is done through the .env file or environment variables on your project.
The required configuration variables depend on the value of the AUTH_METHOD environment variable.
Auth0
AUTH_METHOD=auth0
AUTH_BEHIND_PROXY=[ should be set to true on Heroku or when running behind a proxy. Defaults to false ]
AUTH0_DOMAIN=[ Your Auth0 domain here ]
AUTH0_CLIENT_ID=[ Your Auth0 client ID here ]
AUTH0_CLIENT_SECRET=[ Auth0 client secret here ]
AUTH0_CALLBACK_URL=[ full url for callback after authentication, defaults to /callback with http protocol ]
SESSION_SECRET=[ A secret phrase used to sign the session ID cookie ]
SESSION_MAX_TIME_MS=[ Time afterwards must revalidate with auth0, defaults to an hour ]
To get the required client ID, secret and domain check out your App's settings on Auth0.
Okta
AUTH_METHOD=okta
AUTH_APP_BASE_URL=[ Base URL for the app to be used by Okta ]
AUTH_BEHIND_PROXY=[ should be set to true on Heroku or when running behind a proxy. Defaults to false ]
AUTH_ALLOW_IFRAME=[ should be set to true if the application will be displayed within an iframe. Defaults to false ]
OKTA_CLIENT_ID=[ Your Okta client ID here ]
OKTA_CLIENT_SECRET=[ Okta client secret here ]
OKTA_ISSUER_URL=[ Okta issuer URL here ]
OKTA_SCOPE=[ Okta scope. Defaults to "openid offline_access" ]
SESSION_SECRET=[ A secret phrase used to sign the session ID cookie ]
SESSION_MAX_TIME_MS=[ Cookie expiration time. Defaults to 12 hours. Should not be changed without talking to CyberSec ]
Finding the username of the logged-in user
The username can be found in req.locals.username. With Okta, you have to include email as an auth scope to get the username.
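As an added example (not code from the ed-tech-auth package), the following Node.js startup check validates the variables listed in the Configuration section for the selected AUTH_METHOD, applies the defaults documented above, and warns when OKTA_SCOPE lacks email, since req.locals.username is then unavailable. The variable names and defaults come from this README; the function names and the sample environment in the usage call are my own.

```javascript
// Added example: fail fast on a misconfigured .env before EdTechAuth is
// initialised, instead of discovering a missing secret at the first login.
// Variable names and defaults follow the README; helper names are hypothetical.

const ONE_HOUR_MS = 60 * 60 * 1000;
const TWELVE_HOURS_MS = 12 * ONE_HOUR_MS;

// Variables the README marks as required for each AUTH_METHOD.
const REQUIRED = {
  auth0: ["AUTH0_DOMAIN", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET", "SESSION_SECRET"],
  okta: ["AUTH_APP_BASE_URL", "OKTA_CLIENT_ID", "OKTA_CLIENT_SECRET", "OKTA_ISSUER_URL", "SESSION_SECRET"],
};

// Only the literal string "true" enables a boolean flag; anything else is false.
function parseBool(value, fallback) {
  if (value === undefined || value === "") return fallback;
  return String(value).toLowerCase() === "true";
}

function validateAuthEnv(env) {
  const method = env.AUTH_METHOD;
  if (!REQUIRED[method]) {
    throw new Error(`AUTH_METHOD must be "auth0" or "okta", got ${JSON.stringify(method)}`);
  }

  const missing = REQUIRED[method].filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error(`AUTH_METHOD=${method} requires: ${missing.join(", ")}`);
  }

  const warnings = [];

  // README: SESSION_MAX_TIME_MS defaults to an hour for Auth0 and 12 hours for Okta.
  const defaultMaxTime = method === "auth0" ? ONE_HOUR_MS : TWELVE_HOURS_MS;
  const sessionMaxTimeMs = env.SESSION_MAX_TIME_MS ? Number(env.SESSION_MAX_TIME_MS) : defaultMaxTime;
  if (!Number.isInteger(sessionMaxTimeMs) || sessionMaxTimeMs <= 0) {
    throw new Error("SESSION_MAX_TIME_MS must be a positive integer number of milliseconds");
  }
  if (method === "okta" && sessionMaxTimeMs !== TWELVE_HOURS_MS) {
    warnings.push("SESSION_MAX_TIME_MS differs from the 12 hour default; the README says to agree this with CyberSec");
  }

  const config = {
    method,
    behindProxy: parseBool(env.AUTH_BEHIND_PROXY, false),
    sessionMaxTimeMs,
    warnings,
  };

  if (method === "okta") {
    config.allowIframe = parseBool(env.AUTH_ALLOW_IFRAME, false);
    // README: OKTA_SCOPE defaults to "openid offline_access".
    config.scope = (env.OKTA_SCOPE || "openid offline_access").split(/\s+/).filter(Boolean);
    // README: with Okta, req.locals.username is only populated when "email" is in the scope.
    if (!config.scope.includes("email")) {
      warnings.push('OKTA_SCOPE does not include "email"; req.locals.username will not be available');
    }
  } else {
    // null means the library's own default (/callback) is used.
    config.callbackUrl = env.AUTH0_CALLBACK_URL || null;
  }

  return config;
}

// Usage with a constructed (not real) environment; in a server you would pass process.env.
const sampleConfig = validateAuthEnv({
  AUTH_METHOD: "okta",
  AUTH_APP_BASE_URL: "https://tool.example.internal",
  OKTA_CLIENT_ID: "example-client-id",
  OKTA_CLIENT_SECRET: "example-client-secret",
  OKTA_ISSUER_URL: "https://example.okta.com/oauth2/default",
  SESSION_SECRET: "example-session-secret",
});
for (const warning of sampleConfig.warnings) console.warn(`config warning: ${warning}`);

module.exports = { validateAuthEnv, parseBool, ONE_HOUR_MS, TWELVE_HOURS_MS };
```

Run it once at process start, before new EdTechAuth(app), and treat a thrown error as a deployment failure; the warnings are for values that are legal but worth a second look.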