
pronto-auth-service
User sessions for web and mobile. Pluggable authentication from Zamba, Facebook, Twitter, Google, Linkedin, Salesforce and custom providers. Permit users amongst apps with configurable roles. You can (configured) make Users belong to Accounts. You can invite a user to (a composable set of [App, Account, other config in tokens]), with customized handlers based on the nature of the token.
Clone https://github.com/prontotype-us/auth-service into your node_modules, or include the repo in your package.
# ...
# Set up your DataService here
somata = require 'somata'
config = require '../config'
{jwt_secret, auth_callback_base_url} = config

auth_config = {
    id_key: '_id'
    jwt_secret: jwt_secret
    # OAuth2
    auth_callback_base_url: auth_callback_base_url
    providers: {
        # Each provider entry is optional
        facebook:
            client_id: ''
            client_key: ''
        twitter:
            consumer_key: ''
            consumer_secret: ''
        # ...
    }
}

# The second argument maps the storage calls AuthService makes onto your DataService
AuthService = require('auth-service')(auth_config,
    create: (type, item, cb) ->
        DataService 'create', type, item, cb
    get: (type, query, cb) ->
        DataService 'get', type, query, cb
    find: (type, query, cb) ->
        DataService 'find', type, query, cb
    update: (type, id, item_update, cb) ->
        DataService 'update', type, id, item_update, cb
)

service = new somata.Service 'platform_slug:auth', AuthService
signupUser(app_id_or_slug, new_user, cb)
Sign up a new user with an email and password. app_id_or_slug is optional and will build a Role for the newly created User for the given app if included. Include any configuration for this Role on new_user.role. Things like account_id, organization_id, [app-specific-id-configuration], and any god, admin, or superadmin privileges are good things to put into the role config.
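When new_user is assembled from a client request, the god, admin and superadmin flags in new_user.role should only ever be set by server-side code. The sketch below is an added example, not part of the auth-service code: it filters an untrusted signup body through an allowlist before the result is passed to signupUser. The names buildNewUser, pick, the key lists and the sample body are hypothetical.

```javascript
'use strict';

// Hypothetical allowlists (not from auth-service): fields a client may set.
const SAFE_USER_KEYS = ['email', 'password', 'name'];
const SAFE_ROLE_KEYS = ['account_id', 'organization_id'];
// Privilege flags named in the README; only trusted server code may set these.
const PRIVILEGE_KEYS = ['god', 'admin', 'superadmin'];

// Copy only allowlisted own properties whose values are strings or numbers.
function pick(source, keys) {
  const out = {};
  if (source === null || typeof source !== 'object' || Array.isArray(source)) return out;
  for (const key of keys) {
    if (!Object.prototype.hasOwnProperty.call(source, key)) continue;
    const value = source[key];
    if (typeof value === 'string' || typeof value === 'number') out[key] = value;
  }
  return out;
}

// Build the new_user argument for signupUser from an untrusted request body.
// `grants` comes from server-side logic (e.g. an existing admin's session).
function buildNewUser(body, grants = {}) {
  const new_user = pick(body, SAFE_USER_KEYS);
  if (typeof new_user.email !== 'string' || typeof new_user.password !== 'string') {
    throw new Error('email and password are required');
  }
  new_user.role = pick(body && body.role, SAFE_ROLE_KEYS);
  for (const key of PRIVILEGE_KEYS) {
    if (grants[key] === true) new_user.role[key] = true;
  }
  // Report stripped privilege requests so they can be logged and alerted on.
  const requested = (body && typeof body.role === 'object' && body.role) || {};
  const rejected = PRIVILEGE_KEYS.filter(
    (key) => Object.prototype.hasOwnProperty.call(requested, key) && grants[key] !== true);
  return { new_user, rejected };
}

// Constructed sample: a signup request that tries to self-assign privileges.
const sample = {
  email: 'dev@example.com', password: 'correct horse',
  role: { account_id: 'acct_1', admin: true, superadmin: 'yes' },
};
```

A non-empty rejected list means the request asked for privileges it was not granted, which is worth logging alongside the signup attempt.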
getUserForApp(app_id_or_slug, query, cb)
Exchange an email and password for access to an app.
getUserByToken(jwt_token, cb)
Exchange a jwt token for a user record and session.
You can configure social network login by passing in an array of strings to config.provider. Permitted provider slugs are twitter and facebook. google and linkedin need to be ported in.
getAuthUrl(provider, query, cb)
Get a url to redirect to for kicking off OAuth2 with this provider.
handleAuthCallback(provider, query, cb)
Handle the end of OAuth2 flow from a provider. Route here from your auth API.
getUserFromMetadata(user_data, cb)
Return a user for metadata including at least source and source_id or email. Useful for social authentication or providing users keyed off other external platforms. Each external account will map to exactly one user. Pass config.use_metadata = true to use a separate table for metadata like this. Otherwise the source and source_id will be kept directly on the user model.
getContextWithApiKey(api_key, cb)
Considering configuring this on a per-platform basis so there is slightly more flexibility in how API keys are set up within the schema.
getOrCreateUser, getOrCreateUserForApp, getOrCreateRole, createUserForApp, getApp, getAppId
FAQs
The npm package pronto-auth-service receives a total of 0 weekly downloads. As such, pronto-auth-service popularity was classified as not popular.
We found that pronto-auth-service demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.