b2trader.identity.auth v1.2.0
b2trader.identity.auth
Description
Use this library to introduce authorization via IdentityServer for B2Trader.
How to use
Install the library
First, install the library using npm:
npm i b2trader.identity.authSign in
Next, create an instance of the IdentityAuth class with the following arguments:
- set URL to
IdentityServer - set the client ID (
spaorspa_admin) - the remaining parameter is a client secret, which is needed only if the client is
spa_admin
| name | type | is required |
|---|---|---|
| identityServerUrl | string | required |
| clientId | 'spa' or 'spa_admin' and core_ib or lk for machine-to-machine sign in | required |
| clientSecret | string | required in case with clientId is spa_admin, core_ib or lk |
After this, proceed as follows:
To sign in via IdentityServer, you need to send several requests in a certain order.
Call
signIn(email, password)and provide the user email and password as arguments.Here is an example of a successful answer:
{ "secondFactorRequired": false, "account": { "nickname": "someNickname", "email": "someNickname@example.com", "id": "10e3bfcf-56f7-421d-84ea-1700209ae121" } }Here is a sample response to an incorrect email or password:
{ "errors": [ { "code": "SignInUnsuccessful", "message": "The sign-in was unsuccessful" } ] }Call
authorize()to get the authorization code.In response to this request, a redirect message is sent.
If the provided data is correct, you are redirected to:
https://example.com/sign-in-done?code=ebd6574c9a734ec47b375dbfff951964a8935e0e9690a00be80b54a3d7ff48b2&scope=openid%20profile%20FrontOffice%20BackOffice%20offline_access&state=f27332fa-4e7a-4a82-a586-00e58ec63333&session_state=QjgS-hVe-y9rdqjIKxHyf4Jp9iT8uFxIijYsnHuRIoU.1a16e4bc02f924a173a684122e41c5ceIf some of the provided data is incorrect, you are redirected to:
https://example.com/identity/unauthorizedCall
retrieveToken(authorize_code)to obtain data with tokens.Here is a sample response you get upon specifying a correct
authorize_code:{ "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NTU1MDE4MjQsImV4cCI6M....", "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NTU1MDE4MjQsImV4c....", "expires_in": 60, "token_type": "Bearer", "refresh_token": "d1176eb2c6543c476c7594ef236097543c16ef8c5d288016d296c4ff88f58755", "scope": "openid FrontOffice offline_access" }If something is wrong or the code is incorrect, you get an
Unauthorized-type response:{ "type": "https://tools.ietf.org/html/rfc7235#section-3.1", "title": "Unauthorized", "status": 401, "traceId": "00-f6213a0fd91d5a4a34416e6888533e62-eef840f862681e70-00" }
With the actual tokens at hand, you can use access_token to access FrontOffice and/or BackOffice.
For this, you only need to include access_token in headers: Authorization: Bearer access_token
Refresh the token
By default, access_token for spa and spa_admin users is valid for 30 seconds. When the time period in seconds specified for the expires_in parameter (in a retrieveToken or refreshToken request) expires, the token must be refreshed to continue sending requests.
To refresh the token, call refreshToken(refreshToken: string) with the latest refresh token specified as a parameter. The same refresh_token can only be used once.
Sign out
To revoke tokens and sign out, call the signOut(accessToken: string, refreshToken?: string) method.
If the refresh_token parameter is not specified, all the refresh tokens issued are revoked for credentials matching the current user/clientId combination.
Once logged out, the access_token is valid until it expires (for spa users, in 30 seconds by default). To revoke the token, it must be removed from the local storage on the client side.
Sign In (machine-to-machine - not for browsers)
To sign in using IdentityServer by following a machine-to-machine authorization flow, create an instance of the IdentityAuth class with custom parameters:
const b2TraderApiUrl = 'https://example.com';
const identityAuthMachineToMachine = new IdentityAuth(b2TraderApiUrl, 'core_ib', 'some_core_ib_secret');
const authResponse = await identityAuthMachineToMachine.machineToMachineSignIn('example@mail.com', 'pass');Use the following combinations of credentials to enable the machine-to-machine flow:
- clientId = lk, clientSecret = some_lk_secret
- clientId = core_ib, clientSecret = some_core_ib_secret
Examples
Browser, clientId = spa
import {IdentityAuth} from 'b2trader.identity.auth';
const b2TraderApiUrl = 'https://example.com';
const identityAuth = new IdentityAuth(b2TraderApiUrl, 'spa');
const signInResponse = await identityAuth.signIn('login', 'password');
const authorizeCode = await identityAuth.authorize();
const tokenData = await identityAuth.retrieveToken(authorizeCode);Browser, client = spa_admin
import {IdentityAuth} from 'b2trader.identity.auth';
const b2TraderApiUrl = 'https://example.com';
const identityAuth = new IdentityAuth(b2TraderApiUrl, 'spa_admin', 'client_secret_admin');
const signInResponse = await identityAuth.signIn('login', 'password');
const authorizeCode = await identityAuth.authorize();
const tokenData = await identityAuth.retrieveToken(authorizeCode);NodeJS
const identity = require('b2trader.identity.auth');
const b2TraderApiUrl = 'https://example.com';
const identityAuth = new identity.IdentityAuth(b2TraderApiUrl, 'spa');
identityAuth
.signIn('example@mail.com', 'pass')
.then(response => response.headers.get('set-cookie'))
.then(cookies => identityAuth.authorize({Cookie: cookies}))
.then(code => identityAuth.retrieveToken(code))
.then(authData => {
/* some code aith authorized user */
});License
(BSD) The b2trader.identity.auth is licensed under a permissive 3-clause BSD license. Contributions must be made under the same license.