passport-auth0
Comparing version 1.2.0 to 1.2.1
# Change Log | ||
## [v1.2.0](https://github.com/auth0/wp-auth0/tree/v1.2.0) (2019-07-31) | ||
[Full Changelog](https://github.com/auth0/wp-auth0/compare/v1.1.0...v1.2.0) | ||
## [v1.2.1](https://github.com/auth0/passport-auth0/tree/v1.2.1) (2019-08-12) | ||
[Full Changelog](https://github.com/auth0/passport-auth0/compare/v1.2.0...v1.2.1) | ||
**Closed issues** | ||
- Strategy constructor mutates options argument [\#91](https://github.com/auth0/passport-auth0/issues/91) | ||
- Infinite redirect loop, "Invalid authorization request state." [\#89](https://github.com/auth0/passport-auth0/issues/89) | ||
- could I use cookie-session instead of express-session? [\#87](https://github.com/auth0/passport-auth0/issues/87) | ||
**Fixed** | ||
- Fix strategy constructor to not mutate options argument [\#92](https://github.com/auth0/passport-auth0/pull/92) ([naptowncode](https://github.com/naptowncode)) | ||
## [v1.2.0](https://github.com/auth0/passport-auth0/tree/v1.2.0) (2019-07-31) | ||
[Full Changelog](https://github.com/auth0/passport-auth0/compare/v1.1.0...v1.2.0) | ||
**Closed issues** | ||
- Not obvious how to style lock on redirect [\#74](https://github.com/auth0/passport-auth0/issues/74) | ||
@@ -8,0 +19,0 @@ - Auth0 state parameter not always passed through [\#73](https://github.com/auth0/passport-auth0/issues/73) |
@@ -53,3 +53,3 @@ /** | ||
this.options = Object.assign(options, defaultOptions); | ||
this.options = Object.assign({}, options, defaultOptions); | ||
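Review bot: In the replacement line `this.options = Object.assign({}, options, defaultOptions);`, `defaultOptions` is still the last source, so for any key present in both objects the default overwrites the value the caller passed. If that precedence is deliberate, a short comment above the line would make it explicit; if it is not, the two sources should be swapped. The copy is also shallow, so any nested object inside `options` is still shared with the caller, which matters if later code writes into a nested value.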
@@ -56,0 +56,0 @@ if (this.options.state === undefined) { |
@@ -0,0 +0,0 @@ function Profile (data, raw) { |
{ | ||
"name": "passport-auth0", | ||
"version": "1.2.0", | ||
"version": "1.2.1", | ||
"description": "Auth0 platform authentication strategy for Passport.js", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
README.md
# passport-auth0 | ||
This is the [Auth0](https://auth0.com/) authentication strategy for [Passport.js](http://passportjs.org/). Passport is authentication middleware for Node.js that can be unobtrusively dropped into any Express-based web application. | ||
For Management API endpoints, please see the [Node Auth0 SDK](https://github.com/auth0/node-auth0). | ||
[![Build Status](https://travis-ci.org/auth0/passport-auth0.svg?branch=master)](https://travis-ci.org/auth0/passport-auth0) | ||
[![npm](https://img.shields.io/npm/v/passport-auth0)](https://npmjs.org/package/passport-auth0) | ||
[![npm](https://img.shields.io/npm/dm/passport-auth0)](https://npmjs.org/package/passport-auth0) | ||
[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](https://opensource.org/licenses/MIT) | ||
This is the [Auth0](https://auth0.com/) authentication strategy for Passport.js. | ||
## Table of Contents | ||
## Passport.js | ||
- [Documentation](#documentation) | ||
- [Installation](#installation) | ||
- [Customization](#customization) | ||
- [Support + Feedback](#support--feedback) | ||
- [Vulnerability Reporting](#vulnerability-reporting) | ||
- [What is Auth0](#what-is-auth0) | ||
- [License](#license) | ||
[Passport](http://passportjs.org/) is authentication middleware for Node.js. Passport can be unobtrusively dropped into any Express-based web application. | ||
## Documentation | ||
## Installation | ||
Full documentation with examples can be found in the [Node.js Quickstart](https://auth0.com/docs/quickstart/webapp/nodejs). | ||
npm install passport-auth0 | ||
You can also see fully working demos using this library in our [Auth0 blog](https://auth0.com/blog/): | ||
## Configuration | ||
* [Build and Authenticate a Node.js App with JSON Web Tokens](https://auth0.com/blog/building-and-authenticating-nodejs-apps/#nodejs-directory-structure) | ||
* [Developing a Real-Time, Collaborative Editor with Pusher](https://auth0.com/blog/developing-a-real-time-collaborative-editor-with-pusher/) | ||
Take your credentials from the _Settings_ tab of your [Auth0 application](https://manage.auth0.com/#/applications/) in the dashboard and initialize the strategy as follows: | ||
## Installation | ||
~~~js | ||
var Auth0Strategy = require('passport-auth0'), | ||
passport = require('passport'); | ||
The Auth0 Passport strategy is installed with npm. | ||
var strategy = new Auth0Strategy({ | ||
domain: 'your-domain.auth0.com', | ||
clientID: 'your-client-id', | ||
clientSecret: 'your-client-secret', | ||
callbackURL: '/callback' | ||
}, | ||
function(accessToken, refreshToken, extraParams, profile, done) { | ||
// accessToken is the token to call Auth0 API (not needed in the most cases) | ||
// extraParams.id_token has the JSON Web Token | ||
// profile has all the information from the user | ||
return done(null, profile); | ||
} | ||
); | ||
npm install passport-auth0 | ||
passport.use(strategy); | ||
~~~ | ||
## Customization | ||
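Review bot: The new table of contents in this hunk lists Documentation, Installation and Customization but no Configuration or Usage entry, and the strategy initialization sample (`domain`, `clientID`, `clientSecret`, `callbackURL`) appears only in the old `~~~js` fence, so the README seems to lose its only end-to-end setup example. If the Quickstart link under Documentation is meant to replace it, say so in that section; otherwise keep a minimal initialization sample so the README still shows which options the strategy requires.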
@@ -46,7 +47,5 @@ ### State parameter | ||
~~~js | ||
var Auth0Strategy = require('passport-auth0'); | ||
var strategy = new Auth0Strategy({ | ||
domain: 'your-domain.auth0.com', | ||
```js | ||
const Auth0Strategy = require('passport-auth0'); | ||
const strategy = new Auth0Strategy({ | ||
// ... | ||
@@ -59,84 +58,86 @@ state: false | ||
); | ||
~~~ | ||
``` | ||
## Usage | ||
[More on state handling here](https://github.com/auth0/passport-auth0/issues/40#issuecomment-511592801). | ||
~~~js | ||
app.get('/callback', | ||
passport.authenticate('auth0', { failureRedirect: '/login' }), | ||
function(req, res) { | ||
if (!req.user) { | ||
throw new Error('user null'); | ||
} | ||
res.redirect("/"); | ||
} | ||
); | ||
### Scopes | ||
app.get('/login', | ||
passport.authenticate('auth0', {}), function (req, res) { | ||
res.redirect("/"); | ||
}); | ||
~~~ | ||
If you want to change the scope of the ID token provided, add a `scope` property to the authenticate configuration passed when defining the route. These must be [OIDC standard scopes](https://auth0.com/docs/scopes/current/oidc-scopes). If you need data outside of the standard scopes, you can add [custom claims](https://auth0.com/docs/scopes/current/custom-claims) to the token. | ||
This way when you go to `/login`, you will get redirected to an Auth0 page where you can select the identity provider. | ||
```js | ||
app.get( | ||
'/login', | ||
passport.authenticate('auth0', {scope: 'openid email profile'}), | ||
function (req, res) { | ||
res.redirect('/'); | ||
} | ||
); | ||
``` | ||
If you want to change the scope of the ID token provided, add a `scope` property to the authenticate configuration passed when defining the route. These must be [OIDC standard scopes](https://auth0.com/docs/scopes/current/oidc-scopes). If you need data outside of the standard scopes, you can add [custom claims](https://auth0.com/docs/scopes/current/custom-claims) to the token. | ||
### Force a Specific IdP | ||
~~~javascript | ||
app.get('/login', | ||
passport.authenticate('auth0', {scope: 'openid email profile'}), function (req, res) { | ||
res.redirect("/"); | ||
}); | ||
~~~ | ||
If you want to force a specific identity provider you can use: | ||
If you want to force an identity provider you can use: | ||
```js | ||
app.get( | ||
'/login/google', | ||
passport.authenticate('auth0', {connection: 'google-oauth2'}), | ||
function (req, res) { | ||
res.redirect('/'); | ||
} | ||
); | ||
``` | ||
~~~javascript | ||
app.get('/login/google', | ||
passport.authenticate('auth0', {connection: 'google-oauth2'}), function (req, res) { | ||
res.redirect("/"); | ||
}); | ||
~~~ | ||
If you force an identity provider you can also request custom scope from that identity provider: | ||
~~~javascript | ||
app.get('/login/google', passport.authenticate('auth0', { | ||
connection: 'google-oauth2', | ||
connection_scope: 'https://www.googleapis.com/auth/analytics, https://www.googleapis.com/auth/contacts.readonly' | ||
}), function (req, res) { | ||
res.redirect("/"); | ||
}); | ||
~~~ | ||
```js | ||
app.get( | ||
'/login/google', | ||
passport.authenticate('auth0', { | ||
connection: 'google-oauth2', | ||
connection_scope: 'https://www.googleapis.com/auth/analytics, https://www.googleapis.com/auth/contacts.readonly' | ||
}), | ||
function (req, res) { | ||
res.redirect('/'); | ||
} | ||
); | ||
``` | ||
### Getting Access Tokens | ||
If you want to specify an audience for the returned `access_token` you can: | ||
~~~javascript | ||
app.get('/login', | ||
passport.authenticate('auth0', {audience: 'urn:my-api'}), function (req, res) { | ||
res.redirect("/"); | ||
}); | ||
~~~ | ||
```js | ||
app.get( | ||
'/login', | ||
passport.authenticate('auth0', {audience: 'urn:my-api'}), | ||
function (req, res) { | ||
res.redirect('/'); | ||
} | ||
); | ||
``` | ||
If you want to control the OIDC prompt you can use: | ||
### Silent Authentication | ||
~~~javascript | ||
app.get('/login', | ||
passport.authenticate('auth0', {prompt: 'none'}), function (req, res) { | ||
res.redirect("/"); | ||
}); | ||
~~~ | ||
If you want to check authentication without showing a prompt: | ||
## API access | ||
```js | ||
app.get( | ||
'/login', | ||
passport.authenticate('auth0', {prompt: 'none'}), | ||
function (req, res) { | ||
res.redirect('/'); | ||
} | ||
); | ||
``` | ||
If you want to get a list of connections or users from Auth0, [use the Node.js SDK](https://github.com/auth0/node-auth0). | ||
## Support + Feedback | ||
## Examples | ||
- Use [Issues](https://github.com/auth0/passport-auth0/issues) for code-level support | ||
- Use our [Community](https://community.auth0.com/) for usage, questions, specific cases | ||
You can also see fully working demos using this library in our [Auth0 blog](https://auth0.com/blog/): | ||
## Vulnerability Reporting | ||
* [Build and Authenticate a Node.js App with JSON Web Tokens](https://auth0.com/blog/building-and-authenticating-nodejs-apps/#nodejs-directory-structure) | ||
Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. | ||
* [Developing a Real-Time, Collaborative Editor with Pusher](https://auth0.com/blog/developing-a-real-time-collaborative-editor-with-pusher/) | ||
## What is Auth0? | ||
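Review bot: The State parameter text in this hunk is reduced to the link `More on state handling here`, placed right after a sample whose visible context is `state: false`, and the README itself never says what disabling state gives up. Suggest adding one sentence in that section stating that the state value is what ties the callback to the login request the same session started (the OAuth 2.0 CSRF check), so `state: false` should be limited to setups where that check is performed elsewhere. A link to an issue comment is easy to miss and can move.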
@@ -155,12 +156,4 @@ | ||
## Issue Reporting | ||
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. | ||
## Author | ||
[Auth0](https://auth0.com/) | ||
## License | ||
This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info. |
@@ -0,0 +0,0 @@ { |
@@ -0,0 +0,0 @@ { |
@@ -52,2 +52,18 @@ var Auth0Strategy = require('../lib'); | ||
it('should copy options object without mutating', function () { | ||
var options = { | ||
domain: 'test.auth0.com', | ||
clientID: 'testid', | ||
clientSecret: 'testsecret', | ||
callbackURL: '/callback' | ||
}; | ||
var strategy = new Auth0Strategy( | ||
options, | ||
function(accessToken, idToken, profile, done) {} | ||
); | ||
strategy.options.should.be.not.equal(options); | ||
options.should.not.have.property('authorizationURL'); | ||
}); | ||
describe('authorizationParams', function () { | ||
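Review bot: The two assertions at the end of the new test, `strategy.options.should.be.not.equal(options)` and `options.should.not.have.property('authorizationURL')`, only prove that a different object was created and that one default key did not leak back. Suggest snapshotting `options` before constructing the strategy and asserting deep equality afterwards, so every added default key is covered, and also asserting that `strategy.options` still carries the caller's `domain`, `clientID` and `callbackURL`, so the copy is checked in both directions.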
@@ -54,0 +70,0 @@ |
@@ -0,0 +0,0 @@ var auth0Profile = require('./fixtures/auth0-example-profile'); |