paale-dai ======================= [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Build Status][travis-image]][travis-url] [![Test Coverage][coveralls-image]][coveralls-url]
paale-dai is an express based middleware for creating SSO based authentication microservice.
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system.
Other shared authentication schemes include OAuth, OpenID, OpenID Connect and Facebook Connect. However, these authentication schemes require the user to enter their login credentials each time they access a different site or application so they are not to be confused with SSO.
const paale = require('paale-dai');
const handler = require('paale-dai/handler/google-oauth2');
const jwtStorage = require('paale-dai/storage/jwt');
const server = paale(
handler('GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET'),
jwtStorage(),
);
server.listen();
// using paale-dai as a middleware
// or express().use('/paale', server);
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
$ npm install paale-dai
A demo can be found at //paale-dai.herokuapp.com/?service=http://app1.mycompany.com
Handler is the object which actually handles the authentication. Currently, this modules only ships with google-oauth2 handler which does authentication based on google oauth2. Similarly you can rewrite your own handler like based on facebook oauth2 flow.
const handler = {
landing(callbackPath) {
return (req, res, next) => {
// render login page here
};
},
authentication(callbackPath) {
return (req, res, next) => {
if (user = validateUser(req.body.username, req.body.password)) {
req.paale_user = user;
next();
}
// incorrect authentication attempt
};
},
parseService(req) {
return req.query.service;
}
};
You can enable cookie support using package cookies if you don't want the handler to do authentication every time login request is made by the user.
const express = require('express');
const Cookies = require('cookies');
const app = express();
app.use(Cookies.express());
paale(
handler(),
jwtStorage(),
{
useCookie: true,
app
}
);
paale(
handler,
tokenStorage,
{
identityPath = '/user',
landingPath = '/',
callbackPath = '/authentication',
callbackRouteMethod = 'get',
serviceValidator = () => true,
useCookie = false,
cookieOptions = {},
app = express(),
} = {}
)
In the above figure, after the application has received the token, it can make query to paale-dai to validate the token using cookie paale_token=token or header Authorization: Bearer token
Token storage are a way to store the tokens. They map a token to a user. You can store the tokens in a database by creating a custom token storage.
By default this package ships with only JWT based token storage. If you use it, the applications can validate the token themselves without querying the paale-dai all the time if they have the public key.
FAQs
paale-dai ======================= [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Build Status][travis-image]][travis-url] [![Test Coverage][coveralls-image]][coveralls-url]
The npm package paale-dai receives a total of 0 weekly downloads. As such, paale-dai popularity was classified as not popular.
We found that paale-dai demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.