8000 GitHub - francois2metz/grant: Authentication Middleware for Express and Koa
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

francois2metz/grant

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

395 Commits
config
config
 
 
example
example
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Grant

npm-version coveralls-status

84 Supported Providers / OAuth Playground

500px | amazon | angellist | appnet | asana | assembla | basecamp | bitbucket | bitly | box | buffer | cheddar | coinbase | dailymile | dailymotion | deezer | deviantart | digitalocean | disqus | dropbox | edmodo | elance | eventbrite | evernote | everyplay | eyeem | facebook | feedly | fitbit | flattr | flickr | flowdock | foursquare | geeklist | getpocket | github | gitter | goodreads | google | harvest | heroku | imgur | instagram | jawbone | linkedin | live | mailchimp | meetup | mixcloud | odesk | openstreetmap | paypal | podio | rdio | redbooth | reddit | runkeeper | salesforce | shopify | skyrock | slack | slice | soundcloud | spotify | stackexchange | stocktwits | strava | stripe | traxo | trello | tripit | tumblr | twitch | twitter | uber | vimeo | vk | withings | wordpress | xing | yahoo | yammer | yandex | zendesk

Express

var express = require('express')
var Grant = require('grant').express()

var grant = new Grant({...configuration see below...})

var app = express()
// mount grant
app.use(grant)
// app server middlewares
app.use(cookieParser())
app.use(session())

Koa

var koa = require('koa')
var Grant = require('grant').koa()

var grant = new Grant({...configuration see below...})

var app = koa()
// mount grant
app.use(mount(grant))
// app server middlewares
app.use(session(app))
app.use(bodyParser())

Reserved Routes for Grant

/connect/:provider/:override?
/connect/:provider/callback

Configuration

{
  "server": {
    "protocol": "http",
    "host": "localhost:3000",
    "callback": "/callback"
  },
  "provider1": {
    "key": "...",
    "secret": "...",
    "scope": ["scope1", "scope2", ...],
    "state": "some state",
    "callback": "/provider1/callback"
  },
  "provider2": {...},
  ...
}
  • server - configuration about your server
    • protocol - either http or https
    • host - your server's host name localhost:3000 | dummy.com:5000 | mysite.com ...
    • callback - common callback for all providers in your config /callback | /done ...
  • provider1 - any supported provider (see the list above) facebook | twitter ...
    • key - consumer_key or client_id of your app
    • secret - consumer_secret or client_secret of your app
    • scope - array of OAuth scopes to request
    • state - OAuth state string to send
    • callback - specific callback to use for this provider (overrides the global one specified under the server key)

Redirect Url

For callback/redirect url of your OAuth application you should always use this format

[protocol]://[host]/connect/[provider]/callback

Where protocol and host should match the ones from which you initiate the flow, and provider is the provider's name from the list of supported providers

The path you specify in the callback key in the Grant's configuration is where you'll receive the response data from the OAuth flow as a querystring, after the [protocol]://[host]/connect/[provider]/callback route have been hit

Static Overrides

You can add arbitrary {object} keys inside your provider's configuration to create sub configurations that override the global settings for that provider

// navigate to /connect/facebook
"facebook": {
  "key": "...",
  "secret": "...",
  // by default request publish permissions
  "scope": ["publish_actions", "publish_stream"],
  // set specific callback route on your server for this provider
  "callback": "/facebook/callback"
  // navigate to /connect/facebook/groups
  "groups": {
    // request only group permissions
    "scope": ["user_groups", "friends_groups"]
  },
  // navigate to /connect/facebook/pages
  "pages": {
    // request only page permissions
    "scope": ["manage_pages"],
    // additionally use specific callback route on your server for this override
    "callback": "/facebook_pages/callback"
  }
}

Dynamic Override

Additionally you can make a POST request to the /connect/:provider/:override? route to override your provider's configuration dynamically on each request

<form action="/connect/facebook" method="post" accept-charset="utf-8">
  <input name="state" type="text" value="" />
  <input name="scope" type="checkbox" value="read" />
  <input name="scope" type="checkbox" value="write" />
  <button>submit</button>
</form>

Quirks

  • To use LinkedIn's OAuth2 flow you should use linkedin2 for provider name, instead of linkedin which is for OAuth1
  • For Zendesk and Shopify you should specify your company's sub domain name through the subdomain option
  • Some providers may employ custom authorization parameters outside of the ones specified in the configuration section. You can pass those custom parameters directly in your configuration, for example: Google - access_type:'offline', Reddit - duration:'permanent', Trello - expiration:'never', and so on. Refer to the provider's OAuth documentation, and the Grant's OAuth configuration for more details

Response Data

The OAuth data is returned as a querystring in your final callback (the one you specify in the callback key of your Grant configuration)

OAuth1

For OAuth1 the access_token and the access_secret are accessible directly, raw contains the raw response data

{
  access_token:'...',
  access_secret:'...',
  raw:{
    oauth_token:'...',
    oauth_token_secret:'...',
    some:'other data'
  }
}

OAuth2

For OAuth2 the access_token and the refresh_token (if present) are accessible directly, raw contains the raw response data

{
  access_token:'...',
  refresh_token:'...',
  raw:{
    access_token:'...',
    refresh_token:'...',
    some:'other data'
  }
}

Error

In case of an error, the error key will be populated with the raw error data

{
  error:{
    some:'error data'
  }
}

Typical Flow

  1. Register OAuth application on your provider's web site
  2. For callback/redirect url always use this format [protocol]://[host]/connect/[provider]/callback
  3. Create a config.json file containig
"server": {
  "protocol": "https",
  "host": "mywebsite.com",
  "callback": "/handle_oauth_response"
},
"facebook": {
  "key": "client_id",
  "secret": "client_secret",
  "scope": ["user_about_me"]
},
"twitter": {
  "key": "consumer_key",
  "secret": "consumer_secret",
  "callback": "/handle_twitter_response"
}
  1. Initialize Grant and mount it
// Express
var express = require('express')
var Grant = require('grant').express()
var grant = new Grant(require('./config.json'))
var app = express()
app.use(grant)
// or Koa
var koa = require('koa')
var Grant = require('grant').koa()
var grant = new Grant(require('./config.json'))
var app = koa()
app.use(mount(grant))
  1. Navigate to /connect/facebook to initiate the OAuth flow for Facebook, or navigate to /connect/twitter to initiate the OAuth flow for Twitter
  2. Once the OAuth flow is complete for Facebook you'll receive the response data as a querystring in the /handle_oauth_response route, and for Twitter in the /handle_twitter_response route

What's Next

Once you have your access tokens secured, you can start making authorized requests on behalf of your users. Purest is a great REST API library that supports dozens of REST API providers

License

MIT

About

Authentication Middleware for Express and Koa

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • JavaScript 100.0%
0