import IDM from '@creator.co/module-identity-client'
const client = new IDM({
apiEndpoint: 'http://localhost:8080', # - The API endpoint for IDM
--OR--
apiEndpoint: 'https://auth.dev.creator.co', # - The API endpoint for IDM
externalAuth: false, # - When enabled, you should set externalAuthDomain, so all login calls are made on the externalAuthDomain and replied back with an SSO code which allows the foreign client to maintain a session while authenticated.
disableLogs: false, # - Flag to disable logging
roles: {
admin: 'admin',
brand: 'brand',
agency: 'agency',
creator: 'creator',
user: 'user',
},
})
Login can be done with the following (below). JWT will be automatically managed by this client and injected into any API calls to idm service but also renew it when it's about to expire or expired.
const login = await client.authenticator.login('gabriel@creator.co', 'test').catch((e) => {
showError(login.err)
})
if (login.token) {
// success
const userId = a?.metadata?.user?.[0]?.userId
showSuccess(userId)
}
Registration and other calls that require recaptchaToken can only be used with browser access. For dev purposes, we can use the HTML on examples/recaptcha.html to generate a new one and manually add into the request we are trying to test. Since Google recaptcha whitelists a domain and we added localhost:8000 to it, you can server the html file using, cd examples && python3 -m http.server and open http://localhost:8000/recaptcha.html in the browser. You should be present with an alert and when 'OK' is clicked, the recaptcha token should be printed in the console.
Disclaimer: The provided example already includes the publicly accessible recaptcha client. Secret is reserved for the API and should never be public. Disclaimer 2: At the moment, dev and production, do share the same google recaptcha keys for simplicity.
const registrationResponse = await client.registration.register({
recaptchaToken: '<your-recaptcha-token>',
email: 'user@example.com',
firstName: 'First',
lastName: 'Last',
password: 'SecurePassword123',
});
....---- Gets code through email ----....
// This call will confirm user and if goes good, automatically login :p
const loginResponse = await client.registration.confirmRegistrationAndLogin(
'user@example.com',
'<confirmation-code-on-email>',
'<recaptcha-token>'
).catch((e) => {
showError(login.err)
})
if (login.token) {
// success
const userId = a?.metadata?.user?.[0]?.userId
showSuccess(userId)
}
The IDM client now supports a robust authorization system using the Authorizer class. This class allows you to manage access control based on JWT tokens, API keys, and customizable access levels and ACLs.
Here’s how you can utilize the Authorizer in your application:
import IDM from '@creator.co/module-identity-client';
// Configuration for Authorizer
const permissions = {
accessLevel: 'user', // Access level can be 'admin', 'brand', 'agency', 'creator', 'user', or custom
acls: [{ componentId: 'component1', level: 'read', targetId: '*' }], // ACLs to define specific permissions
};
const config = {
cache: { host: 'localhost', port: 6379 }, // Redis cache configuration
};
const creds = {
authorization: 'Bearer your_jwt_token_here', // Or use apiKey: 'your_api_key_here' for API key authentication
};
// Instantiate the Authorizer
const authorizer = new IDM.Authorizer(permissions, config, creds);
// Authenticate and Authorize
(async () => {
const authResult = await authorizer.authenticate();
if (authResult === true) {
console.log('User authenticated and authorized');
} else {
console.error('Authentication/Authorization failed:', authResult);
}
})();
// Additional utility functions
const canManageUser = authorizer.canManageUser('userId');
const canUseBrand = await authorizer.canUseBrand('brandId');
const userId = authorizer.getUserId();Features of the Authorizer:
- Authentication: Supports JWT and API key-based authentication.
- Authorization: Manages access levels and ACLs to determine permissions.
- Utility Functions: Includes functions to check if a user can manage other users or access certain resources.
Roles Supported:
- Admin
- Brand
- Agency
- Creator
- User
This system ensures that only users with the appropriate permissions can access specific resources or perform certain actions within your application.