everyauth
Authentication and authorization (password, facebook, & more) for your node.js Connect and Express apps.
There is a NodeTuts screencast of everyauth here
There is also a Google Groups (recently created) here to post questions and discuss potential ideas and extensions to the library.
So far, everyauth
enables you to login via:
Authenticate Via | Credits |
---|---|
Password | |
Google Hybrid | RocketLabs Development |
Dropbox | Torgeir |
Tumblr | |
Evernote | Danny Amey |
Github | |
Foursquare | |
Yahoo! | |
Justin.tv | slickplaid |
Vimeo | slickplaid |
37signals (Basecamp, Highrise, Backpack, Campfire) | |
Readability | Alfred Nerstu |
AngelList | |
Dwolla | Kenan Shifflett |
OpenStreetMap | Christoph Giesel |
VKontakte (Russian Social Network) | Alexey Simonenko |
Mail.ru (Russian Social Network) | Alexey Gordeyev |
Skyrock | Rodolphe Stoclin |
Gowalla | Andrew Kramolisch |
TripIt | Damian Krzeminski |
500px | Danny Amey |
SoundCloud | Chris Leishman |
mixi | ufssf |
Mailchimp | Winfred Nadeau |
Mendeley | Eduard Baun |
Smarterer | kaizenpack |
Box.net | |
OpenId | RocketLabs Development, Andrew Mee, Brian Noguchi |
LDAP (experimental; not production-tested) | |
Windows Azure Access Control Service (ACS) | Dario Renzulli, Juan Pablo Garcia, Matias Woloski from Southworks |
Dailycred | Hank Stoever at Dailycred.com |
everyauth
is:
- Modular - We have you covered with Facebook and Twitter OAuth logins, basic login/password support, and modules coming soon for beta invitation support and more.
- Easily Configurable - everyauth was built with powerful configuration needs in mind. Configure an authorization strategy in a straightforward, easy-to-read & easy-to-write approach, with as much granularity as you want over the steps and logic of your authorization strategy.
- Idiomatic - The syntax for configuring and extending your authorization strategies are idiomatic and chainable.
Installation
$ npm install everyauth
Quick Start
Using everyauth comes down to just 2 simple steps if using Connect or 3 simple steps if using Express:
-
Choose and Configure Auth Strategies - Find the authentication strategy you desire in one of the sections below. Follow the configuration instructions.
-
Add the Middleware to Connect
var everyauth = ;// Step 1 code goes here// Step 2 codevar connect = ;var app =; -
Add View Helpers to Express
// Step 1 code// ...// Step 2 code// ...// Step 3 codeeveryauth;app;For more about what view helpers
everyauth
adds to your app, see the section titled "Express Helpers" near the bottom of this README.
Example Application
There is an example application at ./example
To run it:
$ cd example
$ node server.js
Important - Some OAuth Providers do not allow callbacks to localhost, so you will need to create a localhost
alias called local.host
. Make sure you set up your /etc/hosts so that 127.0.0.1 is also
associated with 'local.host'. So inside your /etc/hosts file, one of the lines will look like:
127.0.0.1 localhost local.host
Then point your browser to http://local.host:3000
Tests
$ npm install everyauth --dev
Then, update test/creds.js with credentials that the integration tests use to login to each 3rd party service.
$ make test
Accessing the User
If you are using express
or connect
, then everyauth
provides an easy way to access the user as:
req.user
from your app servereveryauth.user
via theeveryauth
helper accessible from yourexpress
views.user
as a helper accessible from yourexpress
views
To access the user, configure everyauth.everymodule.findUserById
and
optionally everyauth.everymodule.userPkey
.
For example, using mongoose:
everyautheverymodule;
If you need access to the request object the function can have three arguments:
everyautheverymodule;
Once you have configured this method, you now have access to the user object
that was fetched anywhere in your server app code as req.user
. For instance:
var app = // Configure your app app;
Moreover, you can access the user in your views as everyauth.user
or as user
.
//- Inside ./views/home.jade
span.user-id= everyauth.user.name
#user-id= user.id
everyauth
assumes that you store your users with an id
property. If not --
e.g, if you adopt the convention user.uid
over user.id
-- then just make
sure to configure the everyauth.everymodule.userPkey
parameter:
everyautheverymodule;
Express Helpers
If you are using express, everyauth comes with some useful dynamic helpers. To enable them:
var express = everyauth = app = express; everyauth;
Then, from within your views, you will have access to the following helpers methods
attached to the helper, everyauth
:
everyauth.loggedIn
everyauth.user
- the User document associated with the sessioneveryauth.facebook
- The is equivalent to what is stored atreq.session.auth.facebook
, so you can do things like ...everyauth.facebook.user
- returns the user json provided from the OAuth provider.everyauth.facebook.accessToken
- returns the access_token provided from the OAuth provider for authorized API calls on behalf of the user.- And you also get this pattern for other modules - e.g.,
everyauth.twitter.user
,everyauth.github.user
, etc.
You also get access to the view helper
user
- the same aseveryauth.user
above
As an example of how you would use these, consider the following ./views/user.jade
jade template:
.user-id
.label User Id
.value #{user.id}
.facebook-id
.label User Facebook Id
.value #{everyauth.facebook.user.id}
If you already have an express helper named user
, then you can configure
everyauth
to use a different helper name to access the user object that
everyauth manages. To do so, leverage the userAlias
option for
everyauth.helpExpress
:
everyauth;
Then, you could access the user object in your view with the helper __user__
instead of the default helper user
. So you can compare with the default use
of helpers given previously, the alternative leveraging userAlias would look like:
.user-id
.label User Id
.value #{__user__.id}
.facebook-id
.label User Facebook Id
.value #{everyauth.facebook.user.id}
everyauth
also provides convenience methods on the ServerRequest
instance req
.
From any scope that has access to req
, you get the following convenience getters and methods:
req.loggedIn
- a Boolean getter that tells you if the request is by a logged in userreq.user
- the User document associated with the sessionreq.logout()
- clears the sesion of your auth data
Logging Out
If you integrate everyauth
with connect
, then everyauth
automatically
sets up a logoutPath
at GET
/logout
for your app. It also
sets a default handler for your logout route that clears your session
of auth information and redirects them to '/'.
To over-write the logout path:
everyautheverymodule;
To over-write the logout redirect path:
everyautheverymodule;
To over-write the logout handler:
everyautheverymodule;
Custom redirect on password-based login or registration
You may want your own callback that decides where to send a user after login or registration. One way of doing this is with the respondToLoginSucceed
and respondToRegistrationSucceed
methods. This assumes that you have set a .redirectTo
property on your req.session
object:
everyauthpassword
If you are using express and want your redirects to be subject to express redirect mapping, you can overwrite redirect method employed by everyauth.
everyautheverymodule ;
A newly defined method will be used by everyauth to perform all redirects.
Auth Strategy Instructions
Facebook Connect
var everyauth = connect = ; everyauthfacebook ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthfacebook scope'email' // Defaults to undefined // Controls the returned fields. Defaults to undefined
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthfacebookscope; // undefinedeveryauthfacebook; // undefinedeveryauthfacebook; // '/auth/facebook'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthfacebook;
Dynamic Facebook Connect Scope
Facebook provides many different
permissions
for which your app can ask your user. This is bundled up in the scope
query
paremter sent with the oauth request to Facebook. While your app may require
several different permissions from Facebook, Facebook recommends that you only
ask for these permissions incrementally, as you need them. For example, you might
want to only ask for the "email" scope upon registration. At the same time, for
another user, you may want to ask for "user_status" permissions because they
have progressed further along in your application.
everyauth
enables you to specify the "scope" dynamically with a second
variation of the configurable scope
. In addition to the first variation
that looks like:
everyauthfacebook scope'email,user_status';
you can have greater dynamic control over "scope" via the second variation of scope
:
everyauthfacebook scope { var session = reqsession; };
Facebook Mobile OAuth Dialog
If you are programming for mobile, you can bring up the facebook mobile OAuth
dialog instead of the traditional desktop browser-based one by just adding
mobile(true)
to your configuration as seen here:
everyauthfacebook // rest of configuration
Twitter OAuth
var everyauth = connect = ; everyauthtwitter ; var { // Define your routes here}; ;
Important - Some developers forget to do the following, and it causes them to have issues with everyauth
.
Please make sure to do the following: When you set up your app at http://dev.twitter.com/, make sure that your callback url is set up to
include that path '/auth/twitter/callback/'. In general, when dealing with OAuth or OAuth2 modules
provided by everyauth
, the default callback path is always set up to follow the pattern
'/auth/#{moduleName}/callback', so just ensure that you configure your OAuth settings accordingly with
the OAuth provider -- in this case, the "Edit Application Settings" section for your app at http://dev.twitter.com.
Alternatively, you can specify the callback url at the application level by configuring callbackPath
(which
has a default configuration of "/auth/twitter/callback"):
everyauthtwitter ;
So if your hostname is example.com
, then this configuration will over-ride the dev.twitter.com
callback url configuration.
Instead, Twitter will redirect back to example.com/custom/twitter/callback/path
in the example just given above.
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthtwitter ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthtwitter; // '/auth/twitter/callback'everyauthtwitter; // '/auth/twitter'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthtwitter;
Password Authentication
var everyauth = connect = ; everyauthpassword // Uri path to the login page // Uri path that your login form POSTs to // Where to redirect to after a login // If login fails, we render the errors via the login view template, // so just make sure your loginView() template incorporates an `errors` local. // See './example/views/login.jade' // Uri path to the registration page // The Uri path that your registration form POSTs to ; // Where to redirect to after a successful registration var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthpassword // Defaults to 'login' // Defaults to 'password' // Only with `express` // Only with `express` ; // See Recipe 3 below
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthpassword; // 'login'everyauthpassword; // 'password'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthpassword;
Password Recipe 1: Extra registration data
Sometimes your registration will ask for more information from the user besides the login and password.
For this particular scenario, you can configure the optional step, extractExtraRegistrationParams
.
everyauthpassword;
Then, you will have access to this data from within your configured
validateRegistration
and registerUser
:
everyauthpassword ;
Password Recipe 2: Logging in with email or phone number
By default, everyauth
uses the field and user key name login
during the
registration and login process.
Sometimes, you want to use email
or phone
instead of login
. Moreover,
you also want to validate email
and phone
fields upon registration.
everyauth
provides an easy way to do this:
everyauthpassword; // OR everyauthpassword;
With simple login configuration like this, you get email (or phone) validation in addition to renaming of the form field and user key corresponding to what otherwise would typically be referred to as 'login'.
Password Recipe 3: Adding additional view local variables to login and registration views
If you are using express
, you are able to pass variables from your app
context to your view context via local variables. everyauth
provides
several convenience local vars for your views, but sometimes you will want
to augment this set of local vars with additional locals.
So everyauth
also provides a mechanism for you to do so via the following
configurables:
everyauthpassword;everyauthpassword;
loginLocals
and registerLocals
configuration have symmetrical APIs, so I
will only cover loginLocals
here to illustrate how to use both.
You can configure this parameter in one of 3 ways. Why 3? Because there are 3 types of ways that you can retrieve your locals.
-
Static local vars that never change values:
```javascript everyauth.password.loginLocals({ title: 'Login' }); ```
-
Dynamic synchronous local vars that depend on the incoming request, but whose values are retrieved synchronously
```javascript everyauth.password.loginLocals( function (req, res) { var sess = req.session; return { isReturning: sess.isReturning }; }); ```
-
Dynamic asynchronous local vars
```javascript everyauth.password.loginLocals( function (req, res, done) { asyncCall( function ( err, data) { if (err) return done(err); done(null, { title: il8n.titleInLanguage('Login Page', il8n.language(data.geo)) }); }); }); ```
Password Recipe 4: Customize Your Registration Validation
By default, everyauth.password
automatically
- validates that the login (or email or phone, depending on what you authenticate with -- see Password Recipe 2) is present in the login http request,
- validates that the password is present
- validates that an email login is a correctly formatted email
- validates that a phone login is a valid phone number
If any of these validations fail, then the appropriate errors are generated and accessible to you in your view via the errors
view local variable.
If you want to add additional validations beyond this, you can do so by configuring the step, validateRegistration
:
everyauthpassword ;
Password Recipe 5: Password Hashing
By default, everyauth is agnostic about how you decide to store your users and therefore passwords. However, one should always use password hashing and salting for security.
Here's an example of how to incorporate password hashing into everyauth using bcrypt hashing. The idea is to store a salt and hash value inside your user object instead of the password. The hash value is generated from the password (sent with a registration or login request) and unique salt per user, using the bcrypt algorithm.
// Make sure to `npm install bcrypt`var bcrypt = ; everyauthpassword
Other Modules
GitHub OAuth
var everyauth = connect = ; everyauthgithub ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthgithub scope'repo'; // Defaults to undefined // Can be set to a combination of: 'user', 'public_repo', 'repo', 'gist' // For more details, see http://develop.github.com/p/oauth.html
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthgithubscope; // undefinedeveryauthgithub; // '/auth/github'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthgithub;
Instagram OAuth
var everyauth = connect = ; everyauthinstagram ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthinstagram scope'basic' // Defaults to 'basic' // Can be set to a combination of: 'basic', 'comments', 'relationships', 'likes' // For more details, see http://instagram.com/developer/auth/#scope displayundefined; // Defaults to undefined; Set to 'touch' to see a mobile optimized version // of the instagram auth page
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthinstagram; // '/auth/instagram/callback'everyauthinstagram; // '/auth/instagram'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthinstagram;
Foursquare OAuth
var everyauth = connect = ; everyauthfoursquare ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthfoursquare ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthfoursquare; // '/auth/foursquare/callback'everyauthfoursquare; // '/auth/foursquare'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthfoursquare;
LinkedIn OAuth
var everyauth = connect = ; everyauthlinkedin ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthlinkedin ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthlinkedin; // '/auth/linkedin/callback'everyauthlinkedin; // '/auth/linkedin'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthlinkedin;
Google OAuth2
var everyauth = connect = ; everyauthgoogle scope'https://www.googleapis.com/auth/userinfo.profile' // What you want access to ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthgoogle ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthgooglescope; // undefinedeveryauthgoogle; // '/auth/google'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthgoogle;
Gowalla OAuth2
var everyauth = connect = ; everyauthgowalla ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthgowalla ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthgowallascope; // undefinedeveryauthgowalla; // '/auth/gowalla'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthgowalla;
37signals (Basecamp, Highrise, Backpack, Campfire) OAuth2
First, register an app at integrate.37signals.com.
var everyauth = connect = ; everyauth'37signals' ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauth'37signals' ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauth'37signals'; // '/auth/37signals'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauth'37signals';
AngelList OAuth2
First, register an app on AngelList.
var everyauth = connect = ; everyauthangellist ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthangellist ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthangellist; // '/auth/angellist'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthangellist;
Dwolla OAuth2
First, register an app on Dwolla.
var everyauth = connect = ; everyauthdwolla scope'accountinfofull' ; var { // Define your routes here};
Skyrock OAuth
First, register an app on Skyrock.
var everyauth = connect = ; everyauthskyrock ; var { // Define your routes here}; ;
VKontakte OAuth2
First, register an app on VKontakte.
var everyauth = connect = ; everyauthvkontakte scope'photo' ; var { // Define your routes here}; ;
Mail.ru OAuth2
First, register an app on mail.ru.
var everyauth = connect = ; everyauthmailru scope'messages' ; var { // Define your routes here}; ;
Yahoo OAuth
var everyauth = connect = ; everyauthyahoo ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthyahoo ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthyahoo; // '/auth/yahoo/callback'everyauthyahoo; // '/auth/yahoo'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthyahoo;
Readability OAuth
var everyauth = connect = ; everyauthreadability ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthreadability ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthreadability; // '/auth/readability/callback'everyauthreadability; // '/auth/readability'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthreadability;
Dropbox OAuth
var everyauth = connect = ; everyauthdropbox ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthdropbox ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthdropbox; // '/auth/dropbox/callback'everyauthdropbox; // '/auth/dropbox'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthdropbox;
Justin.tv OAuth
Sign up for a Justin.tv account and activate it as a developer account to get your consumer key and secret.
var everyauth = connect = ; everyauthjustintv ; var { // Define your routes here}; ;
The justintvUser
parameter in the .findOrCreateUser()
function above returns the account/whoami
API call
Justin.tv API Wiki - Account/whoami
"image_url_huge": "http:\/\/static-cdn.justin.tv\/jtv_user_pictures\/justin-320x240-4.jpg" "profile_header_border_color": null "favorite_quotes": "I love Justin.tv" "sex": "Male" "image_url_large": "http:\/\/static-cdn.justin.tv\/jtv_user_pictures\/justin-125x94-4.jpg" "profile_about": "Check out my website:\n\nwww.justin.tv\n" "profile_background_color": null "image_url_medium": "http:\/\/static-cdn.justin.tv\/jtv_user_pictures\/justin-75x56-4.jpg" "id": 1698 "broadcaster": true "profile_url": "http:\/\/www.justin.tv\/justin\/profile" "profile_link_color": null "image_url_small": "http:\/\/static-cdn.justin.tv\/jtv_user_pictures\/justin-50x37-4.jpg" "profile_header_text_color": null "name": "The JUST UN" "image_url_tiny": "http:\/\/static-cdn.justin.tv\/jtv_user_pictures\/justin-33x25-4.jpg" "login": "justin" "profile_header_bg_color": null "location": "San Francisco"
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthjustintv ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthjustintv; // '/auth/justintv/callback'everyauthjustintv; // '/auth/justintv'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthjustintv;
Vimeo OAuth
You will first need to sign up for a developer application to get the consumer key and secret.
var everyauth = connect = ; everyauthvimeo ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthvimeo ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthvimeo; // '/auth/vimeo/callback'everyauthvimeo; // '/auth/vimeo'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthvimeo;
Tumblr OAuth (1.a)
You will first need to register an app to get the consumer key and secret. During registration of your new app, enter a "Default callback URL" of "http://:/auth/tumblr/callback". Once you register your app, copy down your "OAuth Consumer Key" and "Secret Key" and proceed below.
var everyauth = connect = ; everyauthtumblr ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthtumblr ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthtumblr; // '/auth/tumblr/callback'everyauthtumblr; // '/auth/tumblr'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthtumblr;
Evernote OAuth (1.a)
You will first need to request an API key to get the consumer key and secret. Note that this consumer key and secret will only be valid for the sandbox rather than the production OAuth host. By default the Evernote module will use the production host, so you'll need to override this using the chainable API if you're using the sandbox.
var everyauth = connect = ; everyauthevernote ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthevernote ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthevernote; // 'https://sandbox.evernote.com'everyauthevernote; // '/auth/evernote/callback'everyauthevernote; // '/auth/evernote'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthevernote;
OpenStreetMap OAuth
You will first need to login to OpenStreetMap. Then register you application on your OpenStreetMap user page via the View my OAuth details link on the bottom of the page to get the consumer key and secret. The registered application does not need any permission listed there to login via OAuth.
var everyauth = connect = ; everyauthosm ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthosm ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthosm; // 'http://api.openstreetmap.org'everyauthosm; // '/auth/osm/callback'everyauthosm; // '/auth/osm'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthosm;
TripIt OAuth (1.0)
Obtain consumer key and consumer secret for your app by registering it. Please note that TripIt is using API Key and API Secret terminology: use those values as describe below.
var everyauth = connect = ; everyauthtripit ; var { // Define your routes here}; ;
500px OAuth (1.0)
You will first need to request an API key to get the consumer key and secret.
var everyauth = connect = ; everyauth'500px' ; var { // Define your routes here}; ;
SoundCloud OAuth2
You will first need to register an app to get the client id and secret. During registration of your new app, enter a "Default callback URL" of "http://:/auth/soundcloud/callback". Once you register your app, copy down your "Client ID" and "Client Secret" and proceed below.
var everyauth = connect = ; everyauthsoundcloud ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthsoundcloud ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthsoundcloudscope; // undefinedeveryauthsoundclouddisplay; // undefinedeveryauthsoundcloud; // '/auth/soundcloud'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthsoundcloud;
mixi OAuth2
First, register an app on mixi.
var everyauth = connect = ; everyauthmixi display'pc' //specify device types of access: See http://developers.mixi.co.jp/ scope'r_profile' //specify types of access: See http://developers.mixi.co.jp/ ; var { // Define your routes here};
Mailchimp OAuth2
First, register an app in Mailchimp.
var everyauth = connect = ; everyauthmailchimp //MC requires 127.0.0.1 for dev ; var { // Define your routes here}; ;
Mendeley OAuth (1.0)
You will first need to register your application to get the consumer key and secret.
everyauthmendeley ; var { // Define your routes here}; ;
OpenID protocol
OpenID protocol allows you to use an openid auth request. You can read more information about it here http://openid.net/
var everyauth = connect = ; everyauthopenid ; //The POST variable used to get the OpenID ; var { // Define your routes here}; ;
Google OpenID+OAuth Hybrid protocol
OpenID+OAuth Hybrid protocol allows you to combine an openid auth request with a oauth access request. You can read more information about it here http://code.google.com/apis/accounts/docs/OpenID.html
Register your domain with Google here and write down the consumer key and consumer secret generated during the domain registration.
var everyauth = connect = ; everyauthgooglehybrid scope'GOOGLE API SCOPE''GOOGLE API SCOPE' ; var { // Define your routes here}; ;
Smarterer
You will need to register for an app id here. Implementation details follow the same pattern as with other oauth2 implementations.
var everyauth = connect = ; everyauthsmarterer ; var { // Define your routes here}; ;
Box.net
var everyauth = connect = ; everyauthbox ; var { // Define your routes here}; ;
You can also configure more parameters (most are set to defaults) via the same chainable API:
everyauthbox ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthbox; // '/auth/box/callback'everyauthbox; // '/auth/box'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthbox;
LDAP
The LDAP module is still in development. Do not use it in production yet.
Install OpenLDAP client libraries:
$ apt-get install slapd ldap-utils
Install node-ldapauth:
var everyauth = connect = ; everyauthldap host'your.ldap.host' port389 // The `ldap` module inherits from the `password` module, so // refer to the `password` module instructions several sections above // in this README. // You do not need to configure the `authenticate` step as instructed // by `password` because the `ldap` module already does that for you. // Moreover, all the registration related steps and configurable parameters // are no longer valid ; var { // Define your routes here}; ;
Windows Azure Access Control Service (ACS)
You will need to create a Windows Azure ACS namespace. The only caveat when creating the namespace is setting the "Return URL". You will probably create one Relying Party for each environment (dev, qa, prod) and each of them will have a different "Return URL". For instance, dev will be http://localhost:port/auth/azureacs/callback
and prod could be https://myapp.com/auth/azureacs/callback
(notice the /auth/azureacs/callback
, that's where the module will listen the POST with the token from ACS)
var everyauth = connect = ; everyauthazureacs // if you want to use a default idp (like google/liveid) // only swt supported for now ; ; var { // Define your routes here}; ;
If you want to see what the current value of a configured parameter is, you can do so via:
everyauthbox; // '/auth/azureacs/callback'
To see all parameters that are configurable, the following will return an object whose parameter name keys map to description values:
everyauthbox;
Dailycred OAuth
everyauthdailycred ;
Configuring a Module
everyauth was built with powerful configuration needs in mind.
Every module comes with a set of parameters that you can configure
directly. To see a list of those parameters on a per module basis,
with descriptions about what they do, enter the following into the
node REPL (to access the REPL, just type node
at the command line)
> var ea = require('everyauth');
> ea.facebook.configurable();
For example, you will see that one of the configuration parameters is
moduleTimeout
, which is described to be how long to wait per step before timing out and invoking any timeout callbacks
Every configuration parameter corresponds to a method of the same name
on the auth module under consideration (i.e., in this case
ea.facebook
). To create or over-write that parameter, just
call that method with the new value as the argument:
eafacebook ; // Wait 4 seconds before timing out any step // involved in the facebook auth process
Configuration parameters can be scalars. But they can be anything. For
example, they can also be functions, too. The facebook module has a
configurable step named findOrCreateUser
that is described as
"STEP FN [findOrCreateUser] function encapsulating the logic for the step
fetchOAuthUser
.". What this means is that this configures the
function (i.e., "FN") that encapsulates the logic of this step.
eafacebook ;
How do we know what arguments the function takes?
We elaborate more about step function configuration in our
Introspection
section below.
For coffee-script lovers
Everyauth also supports a special method configure
for coffee-script
aficionados. Coffee and chainable APIs often don't mix well. As an alternative,
you can configure an everyauth module using an Object
passed to configure
:
everyauthdropboxconfigure consumerKey: confdropboxconsumerKey consumerSecret: confdropboxconsumerSecret : usersdbMetauidor= addUser'dropbox'dbMeta redirectPath: '/'
Introspection
everyauth provides convenient methods and getters for finding out about any module.
Show all configurable parameters with their descriptions:
everyauthfacebook;
Show the value of a single configurable parameter:
// Get the value of the configurable callbackPath parametereveryauthfacebook; // => '/auth/facebook/callback'
Show the declared routes (pretty printed):
everyauthfacebookroutes;
Show the steps initiated by a given route:
everyauthfacebookroutegetentryPathsteps; everyauthfacebookroutegetcallbackPathsteps;
Sometimes you need to set up additional steps for a given auth
module, by defining that step in your app. For example, the
set of steps triggered when someone requests the facebook
module's callbackPath
contains a step that you must define
in your app. To see what that step is, you can introspect
the callbackPath
route with the facebook module.
everyauthfacebookroutegetcallbackPathstepsincomplete;// => [ { name: 'findOrCreateUser',// error: 'is missing: its function' } ]
This tells you that you must define the function that defines the
logic for the findOrCreateUser
step. To see what the function
signature looks like for this step:
var matchingStep =everyauthfacebookroutegetcallbackPathsteps0;// { name: 'findOrCreateUser',// accepts: [ 'session', 'accessToken', 'extra', 'oauthUser' ],// promises: [ 'user' ] }
This tells you that the function should take the following 4 arguments:
{ ...}
And that the function should return a user
that is a user object or
a Promise that promises a user object.
// For synchronous lookup situations, you can return a user { ... return id: 'some user id' username: 'some user name' ;} // OR // For asynchronous lookup situations, you must return a Promise that// will be fulfilled with a user later on { var promise = this; ; return promise;}
You add this function as the block for the step findOrCreateUser
just like
you configure any other configurable parameter in your auth module:
everyauthfacebook ;
There are also several other introspection tools at your disposal:
For example, to show the submodules of an auth module by name:
everyauthoauth2submodules;
Other introspection tools to describe (explanations coming soon):
-
Invalid Steps
everyauthfacebookroutesgetcallbackPathstepsinvalid
Debugging
Debugging - Logging Module Steps
To turn on debugging:
everyauthdebug = true;
Each everyauth auth strategy module is composed of steps. As each step begins and ends, everyauth will print out to the console the beginning and end of each step. So by turning on the debug flag, you get insight into what step everyauth is executing at any time.
For example, here is some example debugging information output to the console during a Facebook Connect authorization:
starting step - getAuthUri
...finished step
starting step - requestAuthUri
...finished step
starting step - getCode
...finished step
starting step - getAccessToken
...finished step
starting step - fetchOAuthUser
...finished step
starting step - getSession
...finished step
starting step - findOrCreateUser
...finished step
starting step - compile
...finished step
starting step - addToSession
...finished step
starting step - sendResponse
...finished step
Debugging - Configuring Error Handling
By default, all modules handle errors by throwing them. That said, everyauth
allows
you to over-ride this behavior.
You can configure error handling at the module and step level. To handle all errors in the same manner across all auth modules that you use, do the following.
everyautheverymodule;
You can also configure your error handling on a per module basis. So, for example, if you want to handle errors during the Facebook module differently than in other modules:
everyauthfacebook;
Debugging - Setting Timeouts
By default, every module has 10 seconds to complete each step. If a step takes longer than 10 seconds to complete, then everyauth will pass a timeout error to your configured error handler (see section "Configure Error Handling" above).
If you would like to increase or decrease the timeout period across all modules, you can do so via:
everyautheverymodule; // Wait 2 seconds per step instead before timing out
You can eliminate the timeout altogether by configuring your timeouts to -1:
everyautheverymodule;
You can also configure the timeout period on a per module basis. For example, the following will result in the facebook module having 3 seconds to complete each step before timing out; all other modules will have the default 10 seconds per step before timing out.
everyauthfacebook; // Wait 3 seconds
In the Wild
The following projects use everyauth.
If you are using everyauth in a project, app, or module, get on the list below by getting in touch or submitting a pull request with changes to the README.
Startups & Apps
Modules
- mongoose-auth Authorization plugin for use with the node.js MongoDB orm.
- Heroku's Facebook Node.JS Template
- node-express-boilerplate
- ExpressStarter
Tutorials
The following are 3rd party screencasts and blog posts about either getting up and running with everyauth or writing your own everyauth modules to support a new service.
If you would like your blog post to be included, please submit a pull request with changes to the README.
- NodeTuts: Starting with everyauth
- Node.js modules you should know about: everyauth
- Implementing Windows Azure ACS with everyauth
- OAuth: Logging In with EveryAuth and NodeJS
- Calling the github API with node.js
- Simple Node.js Express MVR Template
Author
Brian Noguchi
Credits
Thanks to the following contributors for the following modules:
- RocketLabs Development for contributing
- OpenId
- Google Hybrid
- Andrew Mee
- OpenId
- Alfred Nerstu
- Readability
- Torgeir
- DropBox
- slickplaid
- Justin.tv
- Vimeo
- Andrew Kramolisch
- Gowalla
- Kenan Shifflett
- Dwolla
- Alexey Simonenko
- VKontakte
- Alexey Gordeyev
- Mail.ru
- Rodolphe Stoclin
- Skyrock
- Danny Amey
- 500px
- Evernote
- Chris Leishman
- SoundCloud
MIT License
Copyright (c) 2011 by Brian Noguchi
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.