devmtn-auth
Advanced tools
This authentication service should be considered deprecated. Existing applications will continue to work, all new applications should utilize the DevMountain Single-Sign-On Service.
Contact a member of the development team for details.
This module is a Passport strategy to allow for DevMountain microservice authentication with relatively little configuration. You get all the normal benefits of Passport, including auth redirect/callback, req.user and req.logout, and serializing the user onto the session. Successful authentication will provide a user object with email, user roles, and the unique id from the authentication server database. If your app needs different/more information, it must be configured on DevMountain's app.
Example/recommended server setup here.
Testing: npm test.
Install devmtn-auth: npm i -S devmtn-auth
Add devmtnAuthConfig.js to your .gitignore
touch a devmtnAuthConfig.js and set it up like this (you provide specific values):
module.exports = { app : 'app-name' , client_token : 'client-token' , callbackURL : 'callbackURL' , jwtSecret : 'jwtSecret' }
That's it for setup! However, for this to work, your app must be configured on the authentication server, and you must be given appropriate configuration values.
The token can be accessed in the verification callback when you set up the strategy.
passport.use('devmtn', new DevmtnStrategy(devmtnAuthConfig, function(jwtoken, user, done){
// could attach the token to the session for use against DevMountain APIs
req.session.jwtoken = jwtoken
User.findOrCreate({email: user.email}, function(err, local_user){
return done(err, local_user)
})
}))
For convenience, devmtn-auth exposes a checkRoles function that can be used to verify user
roles from the decoded JSON web token.
var Devmtn = require('devmtn-auth')
Devmtn.checkRoles(req.user, 'student')
// returns bool
devmtn-auth also has an optional 'clearJwtAuthCookie' middleware function to clear the auth cookie that is used for SSO.
var Devmtn = require('devmtn-auth')
app.get('/logout', Devmtn.clearJwtAuthCookie, (req, res, next) => {
req.logout();
res.redirect('/');
})
FAQs
devmountain.com authentication module using json web tokens
We found that devmtn-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.