Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Deploys the auth actions.

Version published



Build Status License


Openwhisk Package for setting up actions used in authentication flow.

Logging in Users using an Authentication Sequence

The goal is to create an authentication flow that is composed from a sequence of actions:

  login -> encrypt -> persist (SET) -> register_my_webhook (not implemented here) -> redirect
  • login - uses actions-auth-passport action.
  • encrypt - uses ./action/encrypt.js to enable sequencing to the persist action (TBD: Will be renamed to format).
  • persist - uses auth-cache-dynamodb.
  • redirect - uses redirect.js from actions-auth-passport action. This action redirects the end user to a confirmation page, after a successful login. The redirect URL can be controlled by either providing a default redirect_url to the login action, but it can also be overridden for special cases through the success_redirect parameters of the login action.

The user experience starts with the login action, which takes the end-user through the authentication UI of the corresponding provider. Once the login is successful the sequence executes all the actions, and at the end, the last action should redirect the user to a home page.

Installing supporting actions

For a quick setup use:

$ npm run deploy

This command sets up 2 packages in a user's namespace( system in the example bellow ):

$ wsk package get oauth --summary
  package /system/oauth
   action /system/oauth/login

$ wsk package get cache --summary
  package /system/cache
   action /system/cache/encrypt
   action /system/cache/persist
  • the oauth package contains the login action with no default parameters;
  • the cache package contains the encrypt and persist actions

NOTE: These packages could be publicly available from a system package, so that other namespaces can reference/bind to them. This offers the flexibility to maintain the supporting actions in a single place, vs having them copied and installed in each namespace.

Configuring Adobe as an authentication provider

$ CLIENT_ID=AAA CLIENT_SECRET=BBB SCOPES=openid,AdobeID make adobe-oauth

This command uses /system/oauth/login to create a package binding, configuring the credentials via default parameters. Then it creates the final action as a sequence ( login -> encrypt -> persist). To make for a nicer URI, the sequence action is placed in its own package so that it's presented to the end users as: /api/v1/web/guest/adobe/authenticate.

Retrieving the persisted info

Use the same persist action used during authentication to retrieve the information. B/c the information is encrypted with Openwhisk Namespace API-KEY it can only be decrypted by actions within the same namespace. The API-KEY belonging to the namespace is injected by Openwhisk as an environment variable at invocation time.

persist (GET) -> decrypt
  • persist is the same action used during Authentication


Contributions are welcomed! Read the Contributing Guide for more information.


This project is licensed under the Apache V2 License. See LICENSE for more information.


Last updated on 05 Nov 2019

Did you know?


Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap


Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc