Moneypenny - Authentication Client
##Introduction
Moneypenny acts as an authentication service that supports single sign-on and sign-off using oAuth and JSON web tokens(JWT).
Backend services unencrypt the JWT to know who the authenticated user is.
###Related Projects
###Sample
##Authenticating a Request
To authenticate a request against another service running moneypenny client the server can forward the token to that service, moneypenny-client uses passport-localapikey to allow requests to other services to be authenticated.
The token is passed by adding the query parameter apikey or a header apikeyto the request, service running moneypenny-client will then attempt to decript that user using either the public key or shared secret, if it has success that user will be authenticated for that request.
This project connects to the moneypenny server
###Methods
checkAuthenticated(req, res, next) middlewhere to check the authentication of the client, redirects the user to the moneypenny server for login, if they are not authenticated.
initialize(app) initalizes express to use routes required by moneypenny for the oauth flow.
##Authenticated User.
After a user is authenticated with the moneypenny server and the oAuth flow is complete, the user will be attached to the expressjs request as req.user and the users token attached to the user in req.user.token.
For the sake of security a developer using this service should endevor to not pass the token outside their controlled ecosystem, for example, remove the token from the object if you wish to send the user to the browser.
##API documentation.
moneypenny-client
Client for authentication against a moneypenny server.
See: https://github.com/blueflag/moneypenny
Example
var express = require('express');
var app = express();
// Create and configure Moneypenny authetication client.
var authClient = new AuthClient({
jwtSecret: JWT_SECRET,
providerHost: AUTH_HOST,
providerPort: AUTH_PORT,
serverHost: SERVER_HOST,
serverPort: SERVER_PORT,
oAuthClientSecret : CLIENT_SECRET,
oAuthClientID: CLIENT_ID
});
//Initialize Authentication Routes.
authClient.initialize(app);
//Check authentication before other routes
app.use(authClient.checkAuthenticated);-
moneypenny-client
- static
-
inner
-
~Options :
Options
-
~Options :
moneypenny-client.checkAuthenticated(req, res, next)
Checks that a user is autenticated for a request, returns user to the login page if they are not.
Kind: static method of moneypenny-client
| Param | Type | Description |
|---|---|---|
| req | Request |
express request object. |
| res | Response |
express response object |
| next | callback |
express next callback, next function to call after success. |
moneypenny-client.initialize(app)
Initalizes the passport and sets up oAuth routes.
Kind: static method of moneypenny-client
| Param | Type | Description |
|---|---|---|
| app | App |
express js application ojbect. |
moneypenny-client~Options : Options
Options required for creating a moneypenny client.
Kind: inner typedef of moneypenny-client
Properties
| Name | Type | Description |
|---|---|---|
| jwtSecret | String |
Secret to use to decode JWT. |
| providerHost | String |
required web accessable host name for the location of the authentication server. |
| providerPort | Number |
default:443 web accessable port for the location of the authentication server. |
| providerName | String |
default:moneypenny-server name given to the oAuth passport stratergy |
| serverHost | String |
required web accessable hostname of the service running the moneypennny-client |
| serverPort | Number |
default:443 web accessable port of the service running the moneypennny-client |
| oAuthClientSecret | String |
required shared secret setup in the authentication service for the service |
| oAuthClientID | String |
required client id that corresponds to this service on the authentication service |
| authorizationURI | String |
default:/oauth2/authorization url on the authentication server where the authentication endpoint can be found. |
| tokenURI | String |
default:/oauth2/token uri that this server will use to get the token. |
| callbackURI | String |
default:/auth/provider/callback uri that will be added to this server using the initialize() method that will be used for the oAuth2 callback |
| loginUri | String |
default:/login uri that is used to login to the service, this will be added to this server using the initalize() method. |