oe-component-passport

v2.3.0

Published

oe-cloud module to initialize passport component supporting regular strategies and JWT as access token

Downloads

48

Readme

oe-component-passport

This project implements multiple authentication capability provided by passportjs.

Pre-requisites

  • oe-cloud
  • oe-logger
  • loopback-component-passport
  • Configure model-config.json of application with UserIdentity and UserCredential with proper datasource as per application's datasource configuration

Features

  1. Local and 3rd party authentication support (like Facebook and Google OAuth authentication)
  2. JWT authentication support
  3. JWT as access_token
  4. Configurable "Cookie" generation with users/login api (set ENABLE_COOKIE=true)
  5. Parameterized providers.json

Difference from previous version of oe-cloud

  1. All extended models (BaseUser, BaseRole, BaseUserRoleMapping etc.) have been removed.
  2. Deprecated custom functions, like password complexity and account lockout (as a result of point 1)
  3. Removal of custom cookies (the default cookie of passportjs remains)
  4. Standardized with loopback authentication.
  5. Deprecated use of custom headers for authentication (like x-jwt-assertion)
  6. Deprecated trusted app. This feature can be replaced by creating a service account user in the normal User model and using this account for external app login

Usage and Example

Usage of this module needs an entry in package.json and also an entry to application's app-list.json

{
  "path": "oe-component-passport",
  "enabled": true
}

Inside your application, authentication can be done using "/User/login" or "/auth/local" which returns access_token as payload and in cookie if configured.

Configure model-config.json

Add UserIdentity and UserCredential models in your application's model-config.json (in your application's server directory) with correct dataSource name. Also set public true or false depending on your requirement to expose those as REST API or not.

"UserCredential": {
  "dataSource": "db",
  "public": false
},
"UserIdentity": {
  "dataSource": "db",
  "public": false
}

Parameterized providers.json

You can write providers.json like this, parameterising a value as ${variable_name}:

{
  "local": {
    "provider": "local",
    "module": "passport-local",
    "usernameField": "${userfieldname}",
    "passwordField": "${PASSWORD_FIELD_NAME}",
    "authPath": "/auth/local",
    "successRedirect": "/explorer",
    "failureRedirect": "/login",
    "failureFlash": false,
    "callbackHTTPMethod": "post",
    "setAccessToken": true
  }
}

In the above example, the usernameField value would be set to the value of the environment (or configuration) variable 'userfieldname', and the passwordField value would come from the environment (or configuration) variable 'PASSWORD_FIELD_NAME'. If those environment variables are not set and are not in configuration, '' (blank string) would be assigned.
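Because an unset variable silently becomes a blank string, a pre-flight check that lists every field that resolved to '' catches a misnamed usernameField or passwordField variable before the provider is registered. The sketch below is an added example, not code from oe-component-passport; resolveNode, resolveProviders and the sample values are hypothetical names, and the substitution rule is assumed from the description above.

```javascript
const PLACEHOLDER = /\$\{([^}]+)\}/g;

// Copy `node`, replacing ${name} with vars[name]. Unset or empty names become
// '' (the behaviour the README describes) and are recorded in `blanks`.
function resolveNode(node, vars, path, blanks) {
  if (typeof node === 'string') {
    return node.replace(PLACEHOLDER, (match, name) => {
      const value = vars[name];
      if (value === undefined || value === '') {
        blanks.push({ path, variable: name });
        return '';
      }
      return String(value);
    });
  }
  if (Array.isArray(node)) {
    return node.map((item, i) => resolveNode(item, vars, `${path}[${i}]`, blanks));
  }
  if (node !== null && typeof node === 'object') {
    const out = {};
    for (const [key, value] of Object.entries(node)) {
      out[key] = resolveNode(value, vars, path ? `${path}.${key}` : key, blanks);
    }
    return out;
  }
  return node; // numbers, booleans and null pass through unchanged
}

// Hypothetical helper: returns the resolved config plus every field that
// silently resolved to a blank string, so startup can fail instead.
function resolveProviders(providers, vars = process.env) {
  const blanks = [];
  return { resolved: resolveNode(providers, vars, '', blanks), blanks };
}

// Constructed sample: the README's "local" provider with one variable unset.
const sampleProviders = {
  local: {
    provider: 'local',
    module: 'passport-local',
    usernameField: '${userfieldname}',
    passwordField: '${PASSWORD_FIELD_NAME}',
    authPath: '/auth/local',
    setAccessToken: true
  }
};
const sampleResult = resolveProviders(sampleProviders, { userfieldname: 'username' });
console.log(sampleResult.blanks);
```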

Finacle SSO JWT

To use the application with Finacle SSO JWT, check the provider.js example in the "/test" folder for a custom callback. To make Finacle SSO JWT work without logging in to your application (JWT generated from Finacle SSO in another app), you need to enable it and set the environment variables below. Finacle SSO's JWT is expected to be passed directly in the "Authorization" header or the "authorization" signed cookie for any API call, but only for calls that come under the restApiRoot path configured in config.js (or config.json, or the respective config file of each environment, e.g. config.production.json).

Environment variables

  • SECRET_OR_KEY or PUBLIC_KEY: should be fininfra's public key as a base64 string (it should be properly formatted and be the public key)
  • ENABLE_FINACLE_SSO_JWT: set to true

How to get public key

Get the public key for JWT verification from the cacerts and key.jks files that come with fininfra (docker image):

keytool -importkeystore -srckeystore key.jks -destkeystore finaclesso.p12 -srcstoretype jks -deststoretype pkcs12

keytool -exportcert -alias finacle -keystore key.jks | openssl x509 -inform DER >cert.pem

Please note, all values (URLs) in providers.js(json) for fininfra entries are case sensitive and should be all lowercase. Also, in provider.js(json) use the same case that is used in the Finacle SSO resource entry for Startup URL, Logout URL, client_id and client_secret.

JWT_FOR_ACCESS_TOKEN

To improve performance, JWT can be used as the access token. To enable that, set the following environment variables:

SECRET_OR_KEY = 'secret'
JWT_FOR_ACCESS_TOKEN = true;

SECRET_OR_KEY can be any secret consisting of alphanumeric characters. If JWT_FOR_ACCESS_TOKEN is set to true and Finacle SSO also needs to be used, set the Finacle certificate in PUBLIC_KEY.

Please note that this implementation of JWT just replaces the generic access token with a JWT and avoids checking the user id in the database on every API request that needs authentication (ACL).
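When a shared secret (SECRET_OR_KEY) and an RSA public key (PUBLIC_KEY) are both configured, each token type has to be verified with its own key and a fixed algorithm chosen by the server. The sketch below is an added example built on Node's crypto module, not this module's own code; it assumes HS256 for access tokens, RS256 for SSO tokens and a mandatory exp claim, and signJwt and verifyJwt are hypothetical helpers.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => JSON.parse(Buffer.from(text, 'base64url').toString('utf8'));

// Builds the constructed test tokens below; not part of the verification path.
function signJwt(payload, alg, key) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key); // RSASSA-PKCS1-v1_5 (RS256)
  return `${input}.${b64url(sig)}`;
}

// Returns the payload, or null unless the token uses exactly `expectedAlg`,
// carries a valid signature for `key`, and has an unexpired numeric `exp`.
function verifyJwt(token, expectedAlg, key, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, payload;
  try {
    header = fromB64url(parts[0]);
    payload = fromB64url(parts[1]);
  } catch (err) {
    return null;
  }
  // The caller pins the algorithm; the token's own header never selects it.
  if (!header || !payload || header.alg !== expectedAlg) return null;
  const input = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  let valid = false;
  if (expectedAlg === 'HS256') {
    const mac = crypto.createHmac('sha256', key).update(input).digest();
    valid = mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
  } else if (expectedAlg === 'RS256') {
    valid = crypto.verify('sha256', input, key, sig);
  }
  if (!valid || typeof payload.exp !== 'number' || payload.exp <= now) return null;
  return payload;
}

// Constructed keys and tokens: a random HMAC secret and a throwaway RSA pair.
const secretOrKey = crypto.randomBytes(32).toString('hex');
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const accessToken = signJwt({ sub: 'user1', exp }, 'HS256', secretOrKey);
const ssoToken = signJwt({ sub: 'user2', exp }, 'RS256', privateKey);
```

The constructed secret is 32 random bytes in hex, which still satisfies the alphanumeric requirement while being far harder to guess than a short word.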

To implement a custom JWT payload that carries user roles (to use in ACL verification) and other details, override the User.login function along with User.prototype.createAccessToken and AccessToken.resolve.

For any other login related customization, like password complexity, password history etc., please extend the User model and add the customized code in the extended model (some examples are available in oe-demo-app).

The certificate format should be similar to this

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiUdFD5LPHdPKpSD+HpLzkfN6/
y0BDAbyo2srzBhQl81oqg+HPI/03jOsWs0cP0uS0eZOmrrlujLfbG+R3WKN5xPvB
brOBBA7N8axDRRZWoWkEX3KX2vaUfAxfQNp3tUhegliHtrLVPyutnowlY3f7/TzX
JbEND/PONc0VpaEf4wIDAQAB
-----END PUBLIC KEY-----