
passport-authsider

The Authsider strategy for Passport.js.

Installation

npm install passport-authsider

Configuration

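const AuthsiderStrategy = require('passport-authsider').Strategy;

// Strategy configuration. The client secret is a credential: keep it out of the
// source tree and supply it from the environment (the variable name below is
// illustrative — use whatever your deployment provides).
const strategy = new AuthsiderStrategy({
    domain: 'your-tenant.authsider.io',
    clientID: 'your-client-id',
    clientSecret: process.env.AUTHSIDER_CLIENT_SECRET,
    callbackURL: 'https://www.your-website.com/login/callback',
}, function(accessToken, refreshToken, params, profile, done) {
    // accessToken: JWT or opaque token to call either the Authsider Authentication API or
    //              your custom API if an `audience` is requested.
    // refreshToken: opaque token to allow you to refresh your accessToken. Only provided if
    //               the requested scope contains `offline_support` and your target audience
    //               allows it. If you persist it, protect it like any other credential.
    // params: extra parameters from the /token response.
    // profile: information about the user.
    // done(err, user): hand the authenticated user back to Passport.
    done(null, profile);
});

passport.use(strategy);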

User profile

By default, the Authsider strategy provides a Passport-like profile.

Optionally, you can configure the strategy to provide an OIDC-compliant user profile when calling the strategy constructor:

const AuthsiderStrategy = require('passport-authsider').Strategy;

// With `oidcCompliantProfile` set, the `profile` passed to the verify callback
// follows the OIDC user profile shape instead of the default Passport-like one.
const options = {
    // ...
    oidcCompliantProfile: true,
};

const strategy = new AuthsiderStrategy(options, function(accessToken, refreshToken, params, profile, done) {
    // ...
});

State

The OAuth 2.0 specification recommends the usage of the state parameter in authorization requests. The Authsider strategy provides support for it by default and requires session support to be enabled in your Express app.

Even though it is not recommended, if you need to disable support for it, you can do so in the strategy's constructor:

const AuthsiderStrategy = require('passport-authsider').Strategy;

// `state: false` switches off the OAuth 2.0 state parameter, which the strategy
// enables by default (it relies on Express session support). The state value is
// what lets the callback tie an incoming authorization response to a request
// this app actually started, so keep it on unless that check is covered another way.
const options = {
    // ...
    state: false,
};

const strategy = new AuthsiderStrategy(options, function(accessToken, refreshToken, params, profile, done) {
    // ...
});

Usage

// Entry point of the login flow: the Authsider strategy handles the request first;
// the trailing handler only sends the browser to / once authentication is done.
app.get('/login',
    passport.authenticate('authsider', {}),
    (req, res) => {
        res.redirect('/');
    },
);

// Callback route: a failed authentication is sent back to /login by the
// strategy, so the handler below only runs on success.
app.get('/login/callback',
    passport.authenticate('authsider', { failureRedirect: '/login' }),
    (req, res) => {
        // Authentication reported success but no user was attached to the
        // request — stop here instead of redirecting an unauthenticated browser.
        if (!req.user) {
            throw new Error('Undefined user. Cannot proceed...');
        }

        res.redirect('/');
    },
);

Additional login options

// Two alternative registrations of /login, each forwarding an extra option to
// the authorization request. Pick one for a real app: Express gives the request
// to the first matching route that does not call next(). Request only the
// scopes the application actually needs.

// Specify the authorization request scope
app.get('/login',
    passport.authenticate('authsider', { scope: 'openid email profile' }),
    (req, res) => {
        res.redirect('/');
    },
);

// Specify a target audience
app.get('/login',
    passport.authenticate('authsider', { audience: 'https://api.example.com/' }),
    (req, res) => {
        res.redirect('/');
    },
);

Examples

Check out our sample web app to get you started.