Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

moneypenny

Package Overview
Dependencies
Maintainers
3
Versions
17
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

moneypenny

Authentication Server

  • 0.2.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
2
Maintainers
3
Weekly downloads
 
Created
Source

moneypenny

moneypenny - Authentication Service

Circle CI Coverage Status

Moneypenny acts as an authentication service that offers multiple authentication strategies to a backend service and sends a JSON web token(JWT) encripted using a shared secret as a response.

Other services in the architecture should also know the shared secret allowing the token to be passed around in API calls to provide user information related to the request.

##Endpoints.

###/auth/details ####GET Returns the details for the current logged in user.

###/auth/jwt ####GET Returns a JWT of the current signed in users details This is a debug method that should be deleted from a production system or only allowed to be accessed by services

###/auth/local/login ####POST Publically accessable endpoint for local authentication, redirects the user to the last requested page or /auth/details if no page is found.

#####Params

  • username - username for the user to be authenticated
  • password - password for the user to be authenticated

###/auth/saml/login ####GET

SAML login route.

  • Redirects the user to the SAML Identity Provider server currently hardcoded to salesforce
  • After user is logged into SAML server user is redirected back to the authenitication service, and a session is established over SAML

###/auth/saml/login/callback ####POST

SAML callback *Callback URL for SAML, used by the SAML stratergy after the user has authenticated with the identity procider.

###/oauth2/authorization ####GET oAuth2 server authorization endpoint.

  • Endpoint is used to request that the server gives a user authorization via oAuth.
  • Returns a code to the client, that it will then send to the remote server.

###/oauth2/token ####POST oAuth2 token endpoint.

Called when the remote server requests a token from the server.

  • Remote server will POST the code it recived from the client during the authorization stage
  • Moneypenny returns a JWT to the remote server.
  • Remote server can then decode user details from JWT.

##MongoDB Collections.

###local_users A list of local users, use for a local authentication stratergy on moneypenny.

In the future a remote trusted server should be able to do a POST request with local user details and get a JWT as a response

###oauth_client_store A list of oAuth2 clients and their shared secrets (different shared secret from JWT)

###oauth_code_store A list of oAuth2 codes, this code is past via the web browser on an oAuth 2 request and is then used to request a token.

The tokens are also JWT currently and are encoded with the same key. although this should be different since they are seen by the web client.

###oauth_refresh_token

A list of refresh tokens that are used to refresh the oauth token when it expires.

###oauth_token

A list of the oAuth tokens that have been sent to the services, these tokens are also JWT, and therefor services that get access tokens from the service can decode user information from the access token, and pass the access tokens to other services.

###session_users

Users logged into sessions on the server, This list contains both SAML and Local users, and is the user encoded in the JWT.

FAQs

Package last updated on 20 Jan 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc