superlogin
Advanced tools
Comparing version 0.1.7 to 0.2.0
@@ -66,2 +66,3 @@ 'use strict'; | ||
| registerOAuth2: oauth.registerOAuth2, | ||
| registerTokenProvider: oauth.registerTokenProvider, | ||
| validateUsername: user.validateUsername, | ||
@@ -68,0 +69,0 @@ validateEmail: user.validateEmail, |
@@ -7,2 +7,3 @@ 'use strict'; | ||
| var extend = require('util')._extend; | ||
| var util = require('./util'); | ||
@@ -38,2 +39,17 @@ var stateRequired = ['google', 'linkedin']; | ||
| // Function to initialize a session following authentication from a socialAuth provider | ||
| function initTokenSession(req, res, next) { | ||
| console.log('initTokenSession'); | ||
| var provider = getProviderToken(req.path); | ||
| return user.createSession(req.user._id, provider, req) | ||
| .then(function(mySession) { | ||
| return BPromise.resolve(mySession); | ||
| }) | ||
| .then(function (session) { | ||
| res.status(200).json(session); | ||
| }, function (err) { | ||
| return next(err); | ||
| }); | ||
| } | ||
| // Called after an account has been succesfully linked | ||
@@ -57,3 +73,13 @@ function linkSuccess(req, res, next) { | ||
| // Handles errors if authentication provides | ||
| // Called after an account has been succesfully linked using access_token provider | ||
| function linkTokenSuccess(req, res, next) { | ||
| var provider = getProviderToken(req.path); | ||
| res.status(200).json({ | ||
| ok: true, | ||
| success: util.capitalizeFirstLetter(provider) + ' successfully linked', | ||
| provider: provider | ||
| }); | ||
| } | ||
| // Handles errors if authentication fails | ||
| function oauthErrorHandler(err,req,res,next) { | ||
@@ -74,2 +100,18 @@ var template; | ||
| // Handles errors if authentication from access_token provider fails | ||
| function tokenAuthErrorHandler(err,req,res,next) { | ||
| var status; | ||
| if(req.user && req.user._id) { | ||
| status = 403; | ||
| } else { | ||
| status = 401; | ||
| } | ||
| console.error(err); | ||
| if(err.stack) { | ||
| console.error(err.stack); | ||
| delete err.stack; | ||
| } | ||
| res.status(status).json(err); | ||
| } | ||
| // Framework to register OAuth providers with passport | ||
@@ -107,3 +149,29 @@ function registerProvider(provider, configFunction) { | ||
| // If a user is authenticated we will link an account, otherwise log in | ||
| // Registers a provider that accepts an access_token directly from the client, skipping the popup window and callback | ||
| // This is for supporting Cordova, native IOS and Android apps, as well as other devices | ||
| function registerTokenProvider (providerName, Strategy) { | ||
| providerName = providerName.toLowerCase(); | ||
| var configRef = 'providers.' + providerName; | ||
| if (config.getItem(configRef + '.credentials')) { | ||
| var credentials = config.getItem(configRef + '.credentials'); | ||
| credentials.passReqToCallback = true; | ||
| var options = config.getItem(configRef + '.options') || {}; | ||
| // Configure the Passport Strategy | ||
| passport.use(providerName + '-token', new Strategy(credentials, | ||
| function (req, accessToken, refreshToken, profile, done) { | ||
| authHandler(req, providerName, {accessToken: accessToken, refreshToken: refreshToken}, profile) | ||
| .nodeify(done); | ||
| })); | ||
| router.post('/' + providerName + '/token', passportTokenCallback(providerName, options), initTokenSession, tokenAuthErrorHandler); | ||
| if(!config.getItem('security.disableLinkAccounts')) { | ||
| router.post('/link/' + providerName + '/token', passport.authenticate('bearer', {session: false}), | ||
| passportTokenCallback(providerName, options), linkTokenSuccess, tokenAuthErrorHandler); | ||
| } | ||
| console.log(providerName + '-token loaded.'); | ||
| } | ||
| } | ||
| // This is called after a user has successfully authenticated with a provider | ||
| // If a user is authenticated with a bearer token we will link an account, otherwise log in | ||
| // auth is an object containing 'access_token' and optionally 'refresh_token' | ||
| function authHandler(req, provider, auth, profile) { | ||
@@ -117,2 +185,4 @@ if(req.user && req.user._id && req.user.key) { | ||
| // Configures the passport.authenticate for the given provider, passing in options | ||
| // Operation is 'login' or 'link' | ||
| function passportCallback(provider, options, operation) { | ||
@@ -134,2 +204,12 @@ return function(req, res, next) { | ||
| // Configures the passport.authenticate for the given access_token provider, passing in options | ||
| function passportTokenCallback(provider, options) { | ||
| return function(req, res, next) { | ||
| console.log('Token callback'); | ||
| var theOptions = extend({}, options); | ||
| theOptions.session = false; | ||
| passport.authenticate(provider + '-token', theOptions)(req, res, next); | ||
| }; | ||
| } | ||
| function getLinkCallbackURLs(provider, req, operation, accessToken) { | ||
@@ -163,7 +243,17 @@ if(accessToken) { | ||
| // Gets the provider name from a callback path for access_token strategy | ||
| function getProviderToken(pathname) { | ||
| var items = pathname.split('/'); | ||
| var index = items.indexOf('token'); | ||
| if(index > 0) { | ||
| return items[index-1]; | ||
| } | ||
| } | ||
| return { | ||
| registerProvider: registerProvider, | ||
| registerOAuth2: registerOAuth2 | ||
| registerOAuth2: registerOAuth2, | ||
| registerTokenProvider: registerTokenProvider | ||
| }; | ||
| }; |
| { | ||
| "name": "superlogin", | ||
| "version": "0.1.7", | ||
| "version": "0.2.0", | ||
| "description": "Powerful authentication for APIs and single page apps using the CouchDB ecosystem which supports a variety of providers.", | ||
@@ -5,0 +5,0 @@ "main": "./lib/index.js", |
@@ -180,2 +180,4 @@ # SuperLogin | ||
| ##### Configuration | ||
| The first step is to add credentials to your config file. You can skip the callback URL as it will be generated automatically. Here is how to add support for Dropbox: | ||
@@ -198,4 +200,10 @@ | ||
| Now all you have to do is register your new provider with SuperLogin. Simply follow this pattern: | ||
| SuperLogin supports two types of workflows for OAuth2 providers: popup window and client access token. | ||
| ##### Popup Window Workflow for web browsers (desktop and mobile) | ||
| Your client must create a popup window and point it to `/{provider}`, where the user will be directed to authenticate with that provider. After authentication succeeds or fails, it will call a Javascript callback on the parent window called `superlogin.oauthSession`. | ||
| After completing the configuration step above, all you have to do is register your new provider with SuperLogin. Simply follow this pattern: | ||
| ```js | ||
@@ -206,4 +214,19 @@ var DropboxStrategy = require('passport-dropbox-oauth2').Strategy; | ||
| Now, assuming your credentials are valid, you should be able to authenticate with Dropbox by opening a popup window to `/dropbox`. | ||
| Now, assuming your credentials are valid, you should be able to authenticate with Dropbox by opening a popup window to `/dropbox`. See below in the Routes documentation for more detail. | ||
| ##### Client Access Token for Cordova / Phonegap and Native Apps | ||
| Cordova and most native app frameworks (including iOS and Android) have plugins which authenticate a user with a provider and provide an `access_token` to the client app. All you have to do is post a request to `/{provider}/token` and include your `access_token` in the request body. SuperLogin will respond with a new session or an error message. | ||
| You must use Passport strategies that accept `access_token` posted in the body of the request, such as `passport-facebook-token`, `passport-google-token`, etc. | ||
| Here is how to setup the Client Access Token strategy: | ||
| ```js | ||
| var FacebookTokenStrategy = require('passport-facebook-token').Strategy; | ||
| superlogin.registerTokenProvider('facebook', FacebookTokenStrategy); | ||
| ``` | ||
| Note that this uses the exact settings in your config as the popup window workflow. | ||
| ## Advanced Configuration | ||
@@ -275,2 +298,8 @@ | ||
| ##### `POST /{provider}/token` | ||
| This will invoke the client `access_token` strategy for the specified provider if you have registered it. You should include the `access_token` for the provider in the body of your request. | ||
| ##### `POST /link/{provider}/token` | ||
| This will link additional providers to an already authenticated user using the client `access_token` strategy. | ||
| ## Event Emitter | ||
@@ -442,2 +471,5 @@ | ||
| ##### Initial Release (0.1.0) 2015-09-10 | ||
| The intense power of SuperLogin is unleashed on a world that may not be ready! Tested with Node.js 0.12.7 and 4.0.0. | ||
| The intense power of SuperLogin is unleashed on a world that may not be ready! Tested with Node.js 0.12.7 and 4.0.0. | ||
| ##### Client Access Token Strategies (0.2.0) 2015-09-13 | ||
| Added client `access_token` strategies to support OAuth2 flows from Cordova, PhoneGap, and native apps. |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by3.08%
189218
- Lines of code
- increased by1.77%
4884
- Number of lines in readme file
- increased by7.53%
471
No dependency changes