sasaki-okta

v1.0.8

Published

2 years ago

Abstraction layer for commonly used Okta API methods at Sasaki.

Downloads

0High
0Medium
0Low

cspanring

tadiraman

okta sasaki

build status

Sasaki Okta API methods

An abstraction layer for commonly used Okta API methods at Sasaki.

Please use the issue tracker to report any bugs.

Features:

implements a subset of Okta's Users and Groups API
provides a middleware to protect routes with [Okta's SAML authentication][8]; see Express.js example below
follows loosely the JSON API specification for response objects
methods return Promises

Installation

npm install sasaki-okta

Documentation

The module expects following environment variables:

OKTA_APIKEY                      ... [required] Okta API key
OKTA_DOMAIN                      ... [required] <DOMAIN>.okta.com

Okta API methods

getUser(<id>)                    ...  Get single user for given Okta ID
getCurrentUser()                 ...  Get current user linked to API token or session cookie
getUsers()                       ...  Get user list
getUsersByGroup(<id>)            ...  Get user list for given Okta Group ID
isUserInGroup(<userId, groupId>) ...  Check if single user is in the group
                                      for given Okta User ID and Okta
                                      Group ID

Response objects loosely follow the JSON API specs.

{ user: {...} }                  ...   for single user requests
{ users: [{...}, {...}] }        ...   for a user list request

Okta (SAML) Authentication

auth(<config>[, <passport>])     ...  Instantiate passport authentication
                                      with SAML strategy. Accepts an
                                      optional `passport` instance to
                                      workaround the (default) passport
                                      singleton, e.g. in case of multiple
                                      apps with different authentication
                                      requirements such as vhosts.
                                      Returns a `passport` instance.

auth.protected                   ...  Middleware to validate authentication
                                      and redirect to `/login` route in case
                                      of non-authenticated session.

Examples

Basic example:

var okta = require('sasaki-okta');
okta.getUsers().then(function(data) {
  // do something with data
}, function(error) {
  // error handling
});

Basic authentication integration with Express:

// Authentication setup
var okta = require('sasaki-okta');
var oktaConfig = {
  issuer: '<ISSUER>',
  entryPoint: '<ENTRY_POINT>',
  cert: '<CERT>'
}
var auth = okta.auth(oktaConfig);
// Pass passport-instance as argument to avoid passport singleton in multiple apps (e.g. vhost scenario)
// var Passport = require('passport').Passport;
// var passport = new Passport();
// var auth = okta.auth(oktaConfig, passport);

// Express app
var express = require('express');
var session = require('express-session');
var app = express();
app.use(session({
  secret: '<SECRET>',
  resave: false,
  saveUninitialized: true,
  cookie: {}
}))
app.use(auth.initialize());
app.use(auth.session());

// Receives Okta SAML assertion
app.post('/login/callback', auth.authenticate('saml', { failureRedirect: '/', failureFlash: true }), function (req, res) {
    res.redirect(302, '<REDIRECT_URL>');
  });
// Login URL
app.get('/login', auth.authenticate('saml', { failureRedirect: '/', failureFlash: true }), function (req, res) {
    res.redirect(302, '<REDIRECT_URL>');
});

// Protected route
app.get('/privatedata', auth.protected, function(req, res) {
  res.send({message: 'This is private.'});
});

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme