Nunchaku Pizza Master

    @adobe/aio-app-actions-auth

    1.0.0 • Public • Published

    Build Status License

    actions-auth

    Openwhisk Package for setting up actions used in authentication flow.

    Logging in Users using an Authentication Sequence

    The goal is to create an authentication flow that is composed from a sequence of actions:

      login -> encrypt -> persist (SET) -> register_my_webhook (not implemented here) -> redirect
    
    • login - uses actions-auth-passport action.
    • encrypt - uses ./action/encrypt.js to enable sequencing to the persist action (TBD: Will be renamed to format).
    • persist - uses auth-cache-dynamodb.
    • redirect - uses redirect.js from actions-auth-passport action. This action redirects the end user to a confirmation page, after a successful login. The redirect URL can be controlled by either providing a default redirect_url to the login action, but it can also be overridden for special cases through the success_redirect parameters of the login action.

    The user experience starts with the login action, which takes the end-user through the authentication UI of the corresponding provider. Once the login is successful the sequence executes all the actions, and at the end, the last action should redirect the user to a home page.

    Installing supporting actions

    For a quick setup use:

    $ npm run deploy

    This command sets up 2 packages in a user's namespace( system in the example bellow ):

    $ wsk package get oauth --summary
      package /system/oauth
       action /system/oauth/login
    
    $ wsk package get cache --summary
      package /system/cache
       action /system/cache/encrypt
       action /system/cache/persist
    • the oauth package contains the login action with no default parameters;
    • the cache package contains the encrypt and persist actions

    NOTE: These packages could be publicly available from a system package, so that other namespaces can reference/bind to them. This offers the flexibility to maintain the supporting actions in a single place, vs having them copied and installed in each namespace.

    Configuring Adobe as an authentication provider

    $ CLIENT_ID=AAA CLIENT_SECRET=BBB SCOPES=openid,AdobeID make adobe-oauth

    This command uses /system/oauth/login to create a package binding, configuring the credentials via default parameters. Then it creates the final action as a sequence ( login -> encrypt -> persist). To make for a nicer URI, the sequence action is placed in its own package so that it's presented to the end users as: /api/v1/web/guest/adobe/authenticate.

    Retrieving the persisted info

    Use the same persist action used during authentication to retrieve the information. B/c the information is encrypted with Openwhisk Namespace API-KEY it can only be decrypted by actions within the same namespace. The API-KEY belonging to the namespace is injected by Openwhisk as an environment variable at invocation time.

    persist (GET) -> decrypt
    
    • persist is the same action used during Authentication

    Contributing

    Contributions are welcomed! Read the Contributing Guide for more information.

    Licensing

    This project is licensed under the Apache V2 License. See LICENSE for more information.

    Keywords

    none

    Install

    npm i @adobe/aio-app-actions-auth

    DownloadsWeekly Downloads

    5

    Version

    1.0.0

    License

    none

    Unpacked Size

    43.2 kB

    Total Files

    22

    Last publish

    Collaborators

    • adobehalls
    • fullcolorcoder
    • marbec
    • tripod
    • garthdb
    • lazd
    • adobe-admin
    • patrickfulton
    • trieloff
    • shazron
    • krisnye
    • dcpfsdk
    • natebaldwin
    • devongovett
    • aspro83
    • symanovi
    • dpfister
    • stefan-guggisberg
    • korra
    • rofe
    • kptdobe