oniyi-http-plugin-credentials
Advanced tools
A plugin for oniyi-http-client for automatic attachment of user credentials
An async plugin for oniyi-http-client to resolve and attach credentials to request params
This plugin is designed to work with the third-party login component of loopback. The third-party login component is heavily based on passportjs. To make things work more broadly, I also wrote a loopback extension to allow the usage of custom auth schemes oniyi-loopback-passport-custom-schemes.
$ npm install --save oniyi-http-plugin-credentials
const OniyiHttpClient = require('oniyi-http-client');
const oniyiHttpPluginCredentials = require('oniyi-http-plugin-credentials');
const clientOptions = {};
const httpClient = new OniyiHttpClient(clientOptions);
const pluginOptions = {
providerName: 'my-auth-provider', // Name of the provider that credentials should be resolved for
removeUserProp: true, // should plugin remove `user` prop from `reqParams`
userPropName: 'user', // name of the `reqParams` property that holds the `user` object
credentialsMethodName: 'getCredentialsForProvider', // name of the method on `user` object that resolves credentials for `providerName`
};
const plugin = oniyiHttpPluginCredentials(pluginOptions);
httpClient.use(plugin);
The oniyi-http-plugin-credentials module exports a factory function that takes a single options argument.
available options are:
undefined (string, required) - is passed to getCredentialsForProvider to indicate which backend we need credentials fortrue (boolean, optional) - indicates if the user property should be removed from the request optionsuser (string, optional) - name of the reqParams property that holds the user objectgetCredentialsForProvider (string, optional) - name of the method on user object that resolves credentials for providerNameplugin.load() retrieves an object with parameters (origParams) that will later be used to make an http(s) request. From there, the following flow is applied:
copy origParams into reqParams. Depending on options.removeUserProp, the original prop named options.userPropName will be omitted or included.
read prop named options.userPropName from origParams into user.
If user can not be found, abort flow and invoke callback with origParams.
If user[options.credentialsMethodName] is not a function, invoke callback with Error.
Invoke user[options.credentialsMethodName] with options.providerName and reqParams as well as a callback function.
Now user[options.credentialsMethodName] is supposed to resolve credentials for user and the authentication provider. This resolution should happen async and results be passed to our local callback (which takes err and credentials arguments).
If an error occurs, plugin flow is aborted and err passed to callback.
If credentials is falsy, plugin flow is also aborted and callback invoked with an according error.
At this point, we let user[options.credentialsMethodName] resolve credentials for the auth provider that this plugin instance is configured for – and no errors occurred.
Now the plugin applies credentials to reqParams. For that, credentials.type is mapped against a list of supported credential types. If credentials.type is supported, that type specific implementation is invoked with reqParams and credentials.payload.
Each credentials type expects a different layout of credentials.payload.
Reads username, password and optionally sendImmediately (default: true) and authType (default: basic) from payload and injects them into reqParams.
Use this type when you have username and password at hand (plain)
Reads token and optionally sendImmediately (default: true) and authType (default: oauth) from payload and injects them into reqParams.
Use this type when you have e.g. an OAuth2 / OIDC access token at hand
Reads cookie and optionally authType (default: cookie) from payload and injects them into reqParams. The value of cookie is set into reqParams.headers.cookie. If reqParams.headers.cookie was not empty to begin with, value of cookie is appended.
Use this type when you have an authentication cookie (e.g. LtpaToken2 for IBM Websphere ApplicationServer) at hand.
Reads value and optionally name (default: authorization) and authType (default: undefined) from payload and injects them into reqParams. The value is set into reqParams.headers[name].
Use this type for any other form of credentials that are provided in a http header. E.g. if you only have basic credentials already base64 encoded or you're working with a custom TAI for IBM Websphere ApplicationServer where you simply pass an encrypted username to the remote host.
MIT © Benjamin Kroeger
FAQs
A plugin for oniyi-http-client for automatic attachment of user credentials
The npm package oniyi-http-plugin-credentials receives a total of 3 weekly downloads. As such, oniyi-http-plugin-credentials popularity was classified as not popular.
We found that oniyi-http-plugin-credentials demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.