passport-sheknows
Version:
Passport adapter for Atlas SSO
113 lines (94 loc) • 3.54 kB
JavaScript
/**
* Module dependencies.
*/
var util = require('util'),
OAuth2Strategy = require('passport-oauth2'),
InternalOAuthError = require('passport-oauth2').InternalOAuthError,
Profile = require('./profile');
/**
`Strategy` constructor.
The SheKnows authentication strategy authenticates requests by delegating
to SheKnows Connect using the OAuth 2.0 protocol.
Applications must supply a `verify` callback which accepts an `accessToken`,
`refreshToken` and service-specific `profile`, and then calls the `done`
callback supplying a `user`, which should be set to `false` if the
credentials are not valid. If an exception occured, `err` should be set.
Options:
- `clientID` your SheKnows application's Client ID
- `clientSecret` your SheKnows application's Client Secret
- `callbackURL` URL to which SheKnows will redirect the user after granting authorization
Examples:
passport.use(new SheKnowsStrategy({
clientID: '123-456-789',
clientSecret: 'shhh-its-a-secret'
callbackURL: 'https://www.example.net/auth/sheknows/callback'
},
function(accessToken, refreshToken, profile, done) {
User.findOrCreate(..., function (err, user) {
done(err, user);
});
}
));
@class Strategy
@param {Object} options
@param {Function} verify
@api public
**/
function Strategy(options, verify) {
options = options || {};
options.authorizationURL = options.authorizationURL || 'https://atlas-sso.pmc.com/oauth/authorize';
options.tokenURL = options.tokenURL || 'https://atlas-sso.pmc.com/oauth/token';
options.scopeSeparator = options.scopeSeparator || ',';
OAuth2Strategy.call(this, options, verify);
this.name = 'sheknows';
this._profileURL = options.profileURL || 'https://atlas-sso.pmc.com/api/me';
this._clientSecret = options.clientSecret;
}
/**
* Inherit from `OAuth2Strategy`.
*/
util.inherits(Strategy, OAuth2Strategy);
/**
* Retrieve user profile from SheKnows Connect.
*
* This function constructs a normalized profile, with the following properties:
*
* - `provider` always set to `sheknows`
* - `id` the user's SheKnows Connect ID
* - `username` the user's SheKnows Connect username
* - `displayName` the user's full name
* - `firstname` the user's first name
* - `lastname` the user's last name
* - `email` the user's email
* - `emails` the user's email addresses as an array
* - `avatar` the user's connect avatar
* - `roles` the user's roles
* @param {String} accessToken
* @param {Function} done
* @api protected
*/
Strategy.prototype.userProfile = function (accessToken, done) {
/**
* Ensure the authorization is passed via the headers instead of
* query params since our Laravel Passport validation logic does
* not accept the `access_token` param for authentication.
*/
this._oauth2.useAuthorizationHeaderforGET(true);
this._oauth2.get(this._profileURL, accessToken, function (err, body, res) {
if (err) {
return done(new InternalOAuthError('failed to fetch user profile', err));
}
try {
json = JSON.parse(body);
} catch (ex) {
return done(new Error('Failed to parse user profile'));
}
var profile = Profile.parse(json);
profile.provider = 'sheknows';
profile._raw = body;
profile._json = json;
done(null, profile);
});
};
// expose constructor.
module.exports = Strategy;