1.0.9 • Published 4 years ago

authenticator_oauth2.0 v1.0.9

License
ISC

Authenticator Module

Simple promise-based authenticator for systems using OAuth 2.0 protocol.

Features:

  • Generate authentication token
  • Make calls to consume the APIs exposed by third-party systems
  • Simple structure
  • Easy to configure
  • Multiple storage options for the token: in session or in database.
  • Easy to set up and use, plug-and-play functionality
  • Can handle multiple third party systems using OAuth2.0

Configuration:

  • The module makes use of two files for configuration.

First is the .env file. This file contains the following necessary details:

  • Port Number- stores the port number for the app to run on.
  • URL for Mongo DB
  • Location identifier for storing token- If you wish to store the token in Database, set TOKEN_LOCATION to DB, otherwise set the value to session.
  • Configuration details of every system. Contains the URL for fetching auth token, Client ID and Secret Key.

Syntax to be followed for keeping the system specific configuration items-

<System-Name>_<Config-item>

Example: If the system is HYBRIS and we want to store its Client ID, the key name would be HYBRIS_CLIENT_ID, and the other keys for Hybris would be HYBRIS_SECRET_KEY and HYBRIS_URI.

Sample .env file-

# Port number for the localhost server.
PORT=3000

# URL for the Mongo DB.
MONGO_URL='mongodb://localhost/'

# Configuration of Hybris system- Client ID, Secret Key and URL for getting authorisation token.
SYSTEM1_CLIENT_ID='sample-key'
SYSTEM1_SECRET_KEY='sample-password'
SYSTEM1_URI='https://auth/server/path'

# Configuration of system- Client ID, Secret Key and URL for getting 
SYSTEM2_CLIENT_ID='sample-key'
SYSTEM2_SECRET_KEY='sample-password'
SYSTEM2_URI='https://auth/server/path'

# Key for setting location of token storage. Currently two locations are supported- DB or session.
TOKEN_LOCATION="session"
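
An added example, not part of the module: a loader that resolves the <System-Name>_<Config-item> keys for one system and fails early when a key is missing or misspelled. The function name loadSystemConfig, the uppercase-alphanumeric rule for system names, the HTTPS requirement and the sample host are assumptions of this illustration.

```javascript
// Added example (not the module's code): resolve and validate the
// <System-Name>_<Config-item> keys before any token request is made.
const REQUIRED_ITEMS = ['CLIENT_ID', 'SECRET_KEY', 'URI'];

function loadSystemConfig(system, env = process.env) {
  // Assumed naming rule: restrict the system name so a caller-supplied
  // value cannot be used to address unrelated environment variables.
  if (!/^[A-Z][A-Z0-9]*$/.test(system)) {
    throw new Error(`invalid system name: ${JSON.stringify(system)}`);
  }
  const config = {};
  const missing = [];
  for (const item of REQUIRED_ITEMS) {
    const key = `${system}_${item}`;
    const value = (env[key] || '').trim();
    if (value === '') missing.push(key);
    config[item] = value;
  }
  if (missing.length > 0) {
    // Report key names only; secret values never go into the message.
    throw new Error(`missing configuration: ${missing.join(', ')}`);
  }
  const uri = new URL(config.URI); // throws on a malformed URL
  if (uri.protocol !== 'https:') {
    // Assumed policy: client credentials are only sent over TLS.
    throw new Error(`${system}_URI must use https`);
  }
  return { clientId: config.CLIENT_ID, secretKey: config.SECRET_KEY, tokenUri: uri.href };
}

// Constructed sample environment; one SYSTEM2 key name is misspelled.
const sampleEnv = {
  SYSTEM1_CLIENT_ID: 'sample-key',
  SYSTEM1_SECRET_KEY: 'sample-password',
  SYSTEM1_URI: 'https://auth.example.test/oauth/token',
  SYSTEM2LIENT_ID: 'sample-key',
  SYSTEM2_SECRET_KEY: 'sample-password',
  SYSTEM2_URI: 'https://auth.example.test/oauth/token',
};
```

Calling loadSystemConfig('SYSTEM2', sampleEnv) throws and names SYSTEM2_CLIENT_ID as the missing key, which surfaces a misspelled entry at startup rather than at the first token request.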

Second configurable file is the dbconfig file-

  • This file will contain the configurable database name and the table name.
  • The database to be used must have a few mandatory fields.
  • The table must contain the following columns:
      • access_token
      • token_type
      • expires_in
      • scope
      • system
      • createdOn
  • Here’s a sample schema for MongoDB-

const schema = {
    access_token: { type: String, required: true, unique: true },
    token_type: { type: String, required: true },
    expires_in: { type: Number, required: true },
    scope: { type: String, required: true },
    system: { type: String, required: true },
    createdOn: { type: Date, required: true }
};

Using Authenticator Module

Require the module

const authenticator = require('authenticator_oauth2.0').authenticator;

Fetching the token-

  • The token can be fetched by calling the getToken() method of the authenticator object.
  • It returns a promise, so you’d have to use then and catch to handle the resolve and reject events.
  • The method requires two parameters:
      • the request object (for maintaining session details and other request parameters)
      • the “system”, which identifies the system we are trying to connect to. The auth token is fetched based on the system parameter.

authenticator.getToken(request, 'HYBRIS')
    .then(res => {
        // handle success scenario
    })
    .catch(err => {
        // handle error scenarios
    });

  • The method first checks for the token in DB/Session as per the configuration.
  • If the token is found, the same is returned, else a new token is generated by making a POST call to the system’s authorization token server URL as per the .env file.

Consuming system specific APIs-

  • This feature consumes the API of the system.
  • It first fetches the token required to make the API call and then calls the API.
  • In case the token has expired, we also make a fresh call to fetch the token again (i.e. refresh token) and make the call to the API.
  • The response of the called API is then sent as the response.
  • To use this functionality, the authenticator object exposes a method called “apiRequest”. Here’s how we can use it-

authenticator.apiRequest(options, request, 'HYBRIS')
    .then(res => {
        response.json(res);
    })
    .catch(err => {
        response.json(err);
    });

  • The method needs three parameters:
  • Options: contains the details needed to call the API: the URL, method, query parameters, header information and, for POST requests, the body. The object will have the following fields:
      • url: the URL of the API
      • method: the type of API request (GET, POST, DELETE, etc.)
      • data: the object that needs to be sent as a body parameter
      • headers: all the necessary headers for the API call
      • params: all the query parameters

    {
        "url": "https://localhost:8080/call/to/api",
        "method": "POST",
        "data": {
            "firstName": "Umang",
            "lastName": "Kathuria"
        },
        "headers": {
        },
        "params": {
            "fields": "BASIC"
        }
    }

  • Second parameter is the request object containing the session details. This is used to fetch the saved token in the session.
  • Third parameter is the system in which the API is called.
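
An added example, not the module's own code: the check-cache-then-fetch behaviour described for getToken() and the expired-token case described for apiRequest, written against records shaped like the dbconfig schema. The names isFresh, toRecord, getCachedToken and fetchToken, the Map used as the store and the 30-second margin are assumptions of this illustration.

```javascript
// Added example, not the module's code. Records follow the dbconfig schema.
const SKEW_SECONDS = 30; // assumed margin so a token is not used at the edge of expiry

// True only while createdOn + expires_in (seconds, per RFC 6749) lies in the future.
function isFresh(record, now = Date.now()) {
  if (!record || !Number.isFinite(record.expires_in)) return false;
  const created = new Date(record.createdOn).getTime();
  if (Number.isNaN(created)) return false;
  return now < created + (record.expires_in - SKEW_SECONDS) * 1000;
}

// Validate a token endpoint response and shape it like the schema.
function toRecord(system, body, now = Date.now()) {
  if (!body || typeof body.access_token !== 'string' || body.access_token === '') {
    throw new Error(`token response for ${system} has no access_token`);
  }
  const expiresIn = Number(body.expires_in);
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error(`token response for ${system} has no usable expires_in`);
  }
  return {
    access_token: body.access_token,
    token_type: body.token_type,
    expires_in: expiresIn,
    scope: body.scope,
    system,
    createdOn: new Date(now),
  };
}

// store: a Map keyed by system name, standing in for the session or DB.
// fetchToken: hypothetical async function that POSTs to the token endpoint.
async function getCachedToken(system, store, fetchToken, now = Date.now()) {
  const cached = store.get(system);
  if (isFresh(cached, now)) return cached;
  const record = toRecord(system, await fetchToken(system), now);
  store.set(system, record); // replace the stale entry
  return record;
}
```

Keying the store by system keeps a token issued for one third-party system from being returned for another when several systems are configured.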