moneypenny
Advanced tools
[
](https://circleci.com/gh/blueflag/m
oneypenny/tree/master)
Moneypenny acts as an authentication service that offers multiple authentication strategies to a backend service and sends a JSON web token(JWT) encripted using a shared secret as a response.
Other services in the architecture should also know the shared secret allowing the token to be passed around in API calls to provide user information related to the request.
##Generating Documentation
npm run doc
##Related Projects
##Sample Useage
##Endpoints
The following endpoints are established by the initialize(app) function
| Endpoint | Description |
|---|---|
| /oauth2/authorization | oAuth2 Authorization Endpoint |
| /oauth2/token | oAuth2 Token Endpoint |
| /logout | Logout user from moneypenny |
##API documentation.
Authentication server that uses both oAuth2 and JWT for authentication For single sign on.
MoneyPenny ⏏
MoneyPenny ⏏Create a moneypenny server
Kind: Exported function
Returns: MoneyPenny - moneypenny service.
| Param | Type | Description |
|---|---|---|
| options | Options | options to configure moneypenny with. |
Middleware for checking that people using the service are authenticated.
Adds req.sesson.returnTo, the url to redirect the user to after login.
Kind: inner property of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request to check authenticated |
| res | response | express response related to this request |
| next | function | callback to next middleware to handle request. |
Middleware for checking that people using the service are authenticated.
Adds req.sesson.returnTo, the url to redirect the user to after login.
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request to check authenticated |
| res | response | express response related to this request |
| next | function | callback to next middleware to handle request. |
Initalize moneypenny. adds oauth authentication endpoints to express app
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| app | express-app | the express app that this will run on. |
Example
var express = require('express');
var moneypenny = require('moneypenny');
var MongoStore = require('moneypenny-mongo-storage');
var MongoClient = require('mongodb').MongoClient;
MongoClient.connect('monogdb://localhost:27017/moneypenny', function(err, db) {
var mpMongoStore = MongoStore(db);
var app = express();
var mpOptions = {
secretOrPrivateKey: 'topsecret',
storageProvider: mpMongoStore
}
var mps = moneypenny(mpOptions);
// Following endpoints will be addded to the server.
// /oauth2/token - token endpoint.
// /logout - logout endpoint.
// /oauth2/authorization - authorization endpoint.
mps.initialize(app);
});
Used for passport to serialize the session user. using this method will allow the oauth server to send whatever details are in the user object serialized.
Kind: inner method of module.exports
See: http://passportjs.org/docs/configure#sessions
Example
passport.serializeUser(authServer.serializeUser);
Example
//remove password from user, then serialize.
passport.serializeUser((user, done)=>{
user.password = ''
return authServer.serializeUser(user, done);
})
Used for passport to deserialize the session user.
Kind: inner method of module.exports
Example
passport.deserializeUser(authServer.deserializeUser);
Helper method for login, this method can be used once a login is established from a passport strategy
It will redirect the users back to the approprate locationexpiresIn
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request to check authenticated |
| res | response | express response related to this request |
| next | function | callback to next middleware to handle request. |
StringExpress middleware that returns a JWT token.
Kind: inner method of module.exports
Returns: String - jwt token for the user
| Param | Type | Description |
|---|---|---|
| req | request | Express JS Request Object |
| res | response | Express JS Response Object |
StringSign a JWT token.
Kind: inner method of module.exports
Returns: String - encoded JWT token.
| Param | Type | Description |
|---|---|---|
| user | Object | user to encode. |
| ttl | Number | time for the token to live. (set to value in option if none is sent) |
ObjectGet a user from a JWT token.
Kind: inner method of module.exports
Returns: Object - enncoded user object.
| Param | Type | Description |
|---|---|---|
| JWT | String | token to decode. |
Helper method for logging out, logs user out of authentication server after logging user out from all other servers.
Not Yet Implemented
Kind: inner method of module.exports
| Param | Type | Description |
|---|---|---|
| req | request | express request |
| res | response | express response |
| next | function | callback to next middleware to handle request. |
OptionsOptions that will be passed to the moneypenny server to determine how to initialize.
Kind: inner typedef of module.exports
Properties
| Name | Type | Description |
|---|---|---|
| redirectUrl | String | default redirect url to use if no previous url is found. |
| loginUrl | String | url to redirect to for login. |
| secretOrPrivateKey | String | secret or private key to use for JWT encryption. |
| ttl | Number | lifespan of a token. |
| storageProvider | StorageProvider | storage provider to use to store autentication details. Such as 'moneypenny-mongo-store'. @see https://github.com/blueflag/moneypenny-mongo-storage |
FAQs
Authentication Server
The npm package moneypenny receives a total of 2 weekly downloads. As such, moneypenny popularity was classified as not popular.
We found that moneypenny demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.