AuthN
Faux IAM.
reference material:
- OAuth2 Authorization framework.
- PAR Auth flow: Pushed Authorization Request
- PKCE Additional security: Proof-Key for Code Exchange.
- Authorization Code Auth Grant Type.
- Bearer Token Authentication usage mechanism.
Installation
npm i @codealpha/oauth2 --saveExample
import {oauth} from '@codealpha/oauth2'
const oauthConfig = {...}
const Server = async () => {
const { authN, authZ } = await oauth(oauthConfig);
app
.use(express.static(path.join(__dirname, "public")))
.use("/auth", authN)
.use("/private/stuff", [
authZ,
(req, res) => {
res.send({ message: "welcome VIP", data: ["a", 2, { b: true }] });
},
])
.listen(5000, () => {
console.log(`OAuth2 Server started at http://localhost:5000`);
});
};Usage
authN
.use("/auth", authN)"/ui":
- AS User Interface
"/client":
- data about the website using the AS
"/user/whoami":
- user object
authZ
.use("/private/stuff",
authZ,
(req, res) => {
res.send({ message: "welcome VIP", data: ["a", 2, { b: true }] });
},
)ClientSide Callback workflow
Post login:
- client website recieves
authCode. - client website exchanges
authCodeforauthToken. - client website uses
authTokento make API requests.
Configuration
const oauthConfig = {
database: {
type: "postgres",
config: {
user: "DATABASE_USERNAME",
host: "DATABASE_HOST",
password: "DATABASE_PASSWORD",
port: 5432,
},
},
};| key | Description | Default |
|---|---|---|
| awsCredentialsPath | the absolute file path to the AWS credentials.json file | |
| mfaRequired | a SMS code is required on login in addition to a username/password. | false |
| emailSalt | a bcrypt salt used to encrypt data at rest | no encryption |
| database * | ||
| database.type | type of database | [string] |
| database.config | configuration object specific to a database | [Object] |
| client | ||
| client.name | name of website using OAuth2 | 'OAuth2Placeholder' |
| client.website | fqdn of website using OAuth2 | 'OAuth2Placeholder' |
| client.badgeUrl | url of brand image used to customize OAuth2 pages | |
| registrationWhitelist | only allow a defined list of usernames to register | any |
Running Example (dev mode)
Authentication Server UI
- Start client
- cd to /client
- run:
npm start
Build server & end-user functions
- Setup initial builds and watch for changes.
- from project root
- run:
npm run cli start
Example end-user application
- Start Example
- make sure your postgres database is up and running.
- fill in correct environment variables
- from project root
- run:
npm run cli example
Publishing npm module.
- Create NPM granular access token.
StackOverflow ref
- run:
npm config set _authToken=GRANULAR_ACCESS_TOKEN- if you get an error like
Invalid auth configuration found: '_authToken' must be renamed to '//registry.npmjs.org/:_authToken' in user config.
- run:
npm config fix
- if you get an error like
- run:
- Publish to NPM.
- from project root
- run:
npm run publishit