passport-authsider
The Authsider strategy for Passport.js.
Installation
# Install the strategy from npm (adds it to the current project's dependencies).
npm install passport-authsider
Configuration
const { Strategy: AuthsiderStrategy } = require('passport-authsider');

// Strategy options. `clientSecret` is a credential: load it from the
// environment or a secret store at runtime rather than committing it
// alongside the source. `callbackURL` is where Authsider sends the browser
// back after authentication.
const authsiderOptions = {
  domain: 'your-tenant.authsider.io',
  clientID: 'your-client-id',
  clientSecret: 'your-client-secret',
  callbackURL: 'https://www.your-website.com/login/callback',
};

/**
 * Verify callback, invoked once the token exchange has completed.
 *
 * @param {string} accessToken - JWT or opaque token for calling either the
 *   Authsider Authentication API or your own API when an `audience` was
 *   requested.
 * @param {string|undefined} refreshToken - Opaque token used to refresh the
 *   access token. Only provided when the requested scope contains
 *   `offline_support` and the target audience allows it.
 * @param {object} params - Extra parameters from the /token response.
 * @param {object} profile - Information about the authenticated user.
 * @param {Function} done - Passport completion callback; pass the user
 *   object that should become `req.user`.
 */
function verify(accessToken, refreshToken, params, profile, done) {
  done(null, profile);
}

const strategy = new AuthsiderStrategy(authsiderOptions, verify);

// `passport` is assumed to be in scope (set up elsewhere in the app).
passport.use(strategy);
User profile
By default, the Authsider strategy provides a Passport-like profile.
Optionally, you can configure the strategy to provide an OIDC-compliant user profile when calling the strategy constructor:
const { Strategy: AuthsiderStrategy } = require('passport-authsider');

// Same options as in the Configuration section, plus `oidcCompliantProfile`,
// which makes the verify callback receive an OIDC-compliant user profile
// instead of the default Passport-like one.
const strategy = new AuthsiderStrategy(
  {
    // ...
    oidcCompliantProfile: true,
  },
  function verify(accessToken, refreshToken, params, profile, done) {
    // ...
  },
);
State
The OAuth 2.0 specification recommends using the `state` parameter in authorization requests: it binds the callback to the authorization request your application started, which protects the callback against cross-site request forgery. The Authsider strategy supports it by default; this requires session support to be enabled in your Express app.
Although this is not recommended, if you need to disable it you can do so in the strategy's constructor:
const { Strategy: AuthsiderStrategy } = require('passport-authsider');

// `state: false` turns off the per-request value that ties the authorization
// request to its callback, i.e. the strategy's cross-site request forgery
// protection on the callback URL. Keep the default (enabled) unless another
// mechanism covers this; the default needs session support in Express.
const strategy = new AuthsiderStrategy(
  {
    // ...
    state: false,
  },
  function verify(accessToken, refreshToken, params, profile, done) {
    // ...
  },
);
Usage
// Starts the login flow. The strategy middleware redirects the browser to
// Authsider, so the trailing handler only runs if no redirect happened.
const startLogin = passport.authenticate('authsider', {});

app.get('/login', startLogin, (req, res) => {
  res.redirect('/');
});

// Completes the flow on the registered callback URL. A failed authentication
// sends the user back to /login; on success Passport sets `req.user` to the
// value passed to `done` by the strategy's verify callback.
const finishLogin = passport.authenticate('authsider', { failureRedirect: '/login' });

app.get('/login/callback', finishLogin, (req, res) => {
  // Defensive check: reaching this handler without a user means the
  // middleware succeeded without establishing one, which should not happen.
  if (!req.user) {
    throw new Error('Undefined user. Cannot proceed...');
  }
  res.redirect('/');
});
Additional login options
// Each route below is an alternative to the plain /login route in the Usage
// section, showing one extra option passed to `passport.authenticate`.

// Request specific scopes in the authorization request.
const loginWithScope = passport.authenticate('authsider', { scope: 'openid email profile' });

app.get('/login', loginWithScope, (req, res) => {
  res.redirect('/');
});

// Request a target audience, so the `accessToken` handed to the verify
// callback is meant for that API rather than the Authsider Authentication API.
const loginWithAudience = passport.authenticate('authsider', { audience: 'https://api.example.com/' });

app.get('/login', loginWithAudience, (req, res) => {
  res.redirect('/');
});
Examples
Check out our sample web app to get you started.