punch-auth

Package for handling third-party, and local authentication and authorization

  • 0.0.1
  • latest
  • npm
Weekly downloads
0
Maintainers
1
punch-auth

Exposes methods for google oauth2, linkedin oauth2 and local authorization (username/password strategy).

google oauth2

Following are the settings required for google oauth2.

  var config = {
    CLIENT_ID: 'client id', //application id that you create on developer.google.
    CLIENT_SECRET: 'client secret', //secret for the application.
    REDIRECT_URL: 'callback url' // the path in your app where the user will be redirected once access is allowed.
  };

OAuth2 wrapper for google can be initialized like so:

  var punchAuth = require('punch-auth');
  var googleOAuth = punchAuth.googleOAuth(config);

googleOAuth exposes the following methods.

  • The following gets the URL (string) to redirect the user to Google's authorization page. It is a synchronous call.
  var url = googleOAuth.getAuthURL();
  • Once the user grants access to your app, control is redirected to the REDIRECT_URL with a parameter code. This method redeems the code, initializes the services and returns the user's profile.
  googleOAuth.verifyAndInitialize(code)
  .then(userProfile => { /* use userProfile */ });
  • Once the services have been initialized, this method can be used to get the profile of the currently authorized user.
  googleOAuth.getProfile()
  .then(userProfile => { /* use userProfile */ });

linkedin oauth2

Following are the settings required for linkedin oauth2.

  var config = {
    CLIENT_ID: 'client id', //application id that you create on developer.linkedin.
    CLIENT_SECRET: 'client secret', //secret for the application.
    REDIRECT_URL: 'callback url' // the path in your app where the user will be redirected once access is allowed.
  };

OAuth2 wrapper for linkedin can be initialized like so:

  var punchAuth = require('punch-auth');
  var linkedinOAuth = punchAuth.linkedinOAuth(config);

linkedinOAuth exposes the following methods.

  • The following gets the URL (string) to redirect the user to LinkedIn's authorization page. It is a synchronous call.
  var url = linkedinOAuth.getAuthURL();
  • Once the user grants access to your app, control is redirected to the REDIRECT_URL with parameters code and state. This method redeems the code and state, initializes the services and returns the user's profile.
  linkedinOAuth.verifyAndInitialize(code)
  .then(userProfile => { /* use userProfile */ });
  • Once the services have been initialized, this method can be used to get the profile of the currently authorized user.
  linkedinOAuth.getProfile()
  .then(userProfile => { /* use userProfile */ });

Services are initialized when the auth code is successfully redeemed. This holds true for both google and linkedin services.


local auth

Implements local username/password strategy. Following are the settings required for local auth module.

  var config = {
    USER_COLLECTION: UserModel, //mongoose model for the users collection.
    ID_FIELD: 'username', //name of the field to be treated as identifier like username, email.
    PASSWORD_FIELD: 'password', //name of the field that contains the hashed password.
  }

Optional settings include:

  config.SALT_ROUNDS = 11; // number, defaults to 10, used to create the password hash using 'bcrypt'.
  config.TOKE_KEY = 'some key'; // string, defaults to 'punch-token-key', used to create the bearer token using 'jsonwebtoken'.
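
Why the documented default for TOKE_KEY should always be overridden, as an added example that is not punch-auth code: a verifier keyed with a published string accepts tokens the application never issued. It assumes the bearer token is HMAC-signed (HS256, jsonwebtoken's default for a string secret); `resolveTokenKey` and the `PUNCH_TOKEN_KEY` variable are hypothetical names.

```javascript
// Added example, not punch-auth code. Minimal HS256 JWT sign/verify on Node's crypto.
const crypto = require('crypto');

const DOCUMENTED_DEFAULT = 'punch-token-key'; // default quoted in the settings above
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

function signHS256(payload, key) {
  const signingInput = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) +
    '.' + b64url(JSON.stringify(payload));
  return signingInput + '.' + b64url(hmac(key, signingInput));
}

// Returns the payload when the signature matches, otherwise null.
function verifyHS256(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = hmac(key, parts[0] + '.' + parts[1]);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') return null;
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Hypothetical startup guard: PUNCH_TOKEN_KEY is an assumed variable name.
function resolveTokenKey(env) {
  const key = env.PUNCH_TOKEN_KEY;
  if (!key || key === DOCUMENTED_DEFAULT || Buffer.byteLength(key) < 32) {
    throw new Error('set a private token key of at least 32 bytes');
  }
  return key;
}

// Constructed sample: a token this application never issued, signed with the
// documented default, checked by a default-keyed and a privately keyed verifier.
function compareVerifiers() {
  const foreignToken = signHS256({ username: 'alice' }, DOCUMENTED_DEFAULT);
  const privateKey = resolveTokenKey({ PUNCH_TOKEN_KEY: crypto.randomBytes(32).toString('hex') });
  return {
    defaultKeyed: verifyHS256(foreignToken, DOCUMENTED_DEFAULT), // { username: 'alice' }
    privateKeyed: verifyHS256(foreignToken, privateKey),         // null
  };
}

console.log(compareVerifiers());
```

In an application, the guard's return value would be assigned to config.TOKE_KEY before calling punchAuth.localAuth(config), so a missing or default key stops startup instead of silently falling back.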

localAuth can be initialized like so:

  var punchAuth = require('punch-auth');
  var localAuth = punchAuth.localAuth(config);

Middleware exposed by localAuth

  • The following middleware handles authentication (username/password). On successful authentication, the user object and an accessToken are attached to the req object; otherwise a 401 is returned along with an appropriate error message. This middleware can be used like so:
  router.post('/login',
    localAuth.loginMW(), // method that returns the middleware
    (req, res, next) => { /* ... */ }
  );
  • The following middleware verifies the bearer token. On successful verification, the user object is attached to the req object; otherwise a 401 is returned with an appropriate error message. This middleware can be used like so:
  router.get('/index',
    localAuth.bearerMW(), // method that returns the middleware
    (req, res, next) => { /* ... */ }
  );

Methods exposed by localAuth

The following helper methods can be used as alternatives to the middleware and allow more flexibility.

  • This method implements the login logic (username/password) and returns the user object on success.
  localAuth.login(req.body.username, req.body.password)
  .then(user => { /* ... */ })
  .catch(err => { /* ... */ });
  • This method creates a hash for a plain string password. SALT_ROUNDS for creating the hash can be set in the config.
  var password = 'some password';

  localAuth.createHash(password)
  .then(hash => { /* ... */ })
  .catch(err => { /* ... */ });
  • Method to check whether the given password matches the hash.
  var password = 'some password';

  localAuth.checkPassword(password, user.savedPasswordHash)
  .then(_ => { /* password matched */ })
  .catch(err => { /* ... */ });
  • Method to verify the jsonwebtoken bearer token.
  var token = 'the bearer token';

  localAuth.authorizeBearer(token)
  .then(user => { /* the user object from the user collection set in config */ })
  .catch(err => { /* ... */ });

Package last updated on 23 Jun 2016
