0.0.6 • Public • Published


Moneypenny - Authentication Client



Moneypenny acts as an authentication service that supports single sign-on and sign-off using OAuth and JSON Web Tokens (JWT).

Backend services decrypt the JWT to determine who the authenticated user is.

### Related Projects


Sample Implementation Code

## Authenticating a Request

To authenticate a request against another service running moneypenny-client, the server can forward the token to that service. moneypenny-client uses passport-localapikey to allow requests to other services to be authenticated.

The token is passed by adding the query parameter `apikey` or a header `apikey` to the request. The service running moneypenny-client will then attempt to decrypt that user using either the public key or the shared secret; if it succeeds, that user will be authenticated for that request.

This project connects to the moneypenny server


`checkAuthenticated(req, res, next)`: middleware that checks the authentication of the client and redirects the user to the moneypenny server for login if they are not authenticated.

`initialize(app)`: initializes Express to use the routes required by moneypenny for the OAuth flow.

## Authenticated User

After a user is authenticated with the moneypenny server and the OAuth flow is complete, the user is attached to the Express request as `req.user`, and the user's token is attached to the user as `req.user.token`.

For the sake of security, a developer using this service should endeavor not to pass the token outside their controlled ecosystem. For example, remove the token from the object before sending the user to the browser.
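The two token-handling rules above (forward the token to another service as `apikey`, and keep it out of anything sent to the browser) can be enforced with small helpers. This is an added example, not code from moneypenny-client: `publicUser`, `serializeForBrowser`, `forwardOptions`, the sample user fields and the example URL are all hypothetical, and the HTTPS-only and header-only checks are policies chosen for this example.

```javascript
// Constructed sample of req.user after login. Only `token` is described by the
// page; the other fields are made up for this example.
const sampleUser = { id: 42, name: 'Jane Example', token: 'constructed.sample.token' };

// Allow-list copy: only the named fields are sent on, so `token` (and any
// field added to the user later) stays server-side unless explicitly listed.
function publicUser(user, allowedFields) {
  if (!user) return null;
  const out = {};
  for (const field of allowedFields) {
    if (field === 'token') throw new Error('token must never be allow-listed');
    if (Object.prototype.hasOwnProperty.call(user, field)) out[field] = user[field];
  }
  return out;
}

// Last check before a response body leaves the server: fail closed if the
// serialized JSON still contains the user's token anywhere.
function serializeForBrowser(user, body) {
  const text = JSON.stringify(body);
  if (user && user.token && text.includes(user.token)) {
    throw new Error('response body contains the user token');
  }
  return text;
}

// Options for calling another service that runs moneypenny-client. The token
// goes in the `apikey` header; this helper refuses the query-string form
// because URLs are commonly written to access logs, and refuses plain HTTP
// (both are added policies of this example).
function forwardOptions(user, url) {
  if (!user || typeof user.token !== 'string' || user.token === '') {
    throw new Error('no token to forward');
  }
  const target = new URL(url);
  if (target.protocol !== 'https:') throw new Error('refusing non-HTTPS target');
  if (target.searchParams.has('apikey')) throw new Error('apikey found in query string');
  return { url: target.href, headers: { apikey: user.token } };
}
```

In a route handler this would read `res.type('json').send(serializeForBrowser(req.user, { user: publicUser(req.user, ['id', 'name']) }))`, with the field list adjusted to what the front end needs.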

## API documentation


Client for authentication against a moneypenny server.


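```js
var express = require('express');
// Assumes the package exports the client constructor.
var AuthClient = require('moneypenny-client');
var app = express();

// JWT_SECRET, AUTH_HOST, etc. are placeholders supplied by your configuration.
// Create and configure the Moneypenny authentication client.
var authClient = new AuthClient({
    jwtSecret: JWT_SECRET,
    providerHost: AUTH_HOST,
    providerPort: AUTH_PORT,
    serverHost: SERVER_HOST,
    serverPort: SERVER_PORT,
    oAuthClientSecret: CLIENT_SECRET,
    oAuthClientID: CLIENT_ID
});

// Initialize authentication routes.
authClient.initialize(app);

// Check authentication before other routes.
app.use(function (req, res, next) {
    authClient.checkAuthenticated(req, res, next);
});
```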

moneypenny-client.checkAuthenticated(req, res, next)

Checks that a user is authenticated for a request; returns the user to the login page if they are not.

Kind: static method of moneypenny-client

| Param | Type | Description |
| --- | --- | --- |
| req | Request | express request object. |
| res | Response | express response object. |
| next | callback | express next callback, next function to call after success. |


Initializes passport and sets up the OAuth routes.

Kind: static method of moneypenny-client

| Param | Type | Description |
| --- | --- | --- |
| app | App | express js application object. |

moneypenny-client~Options : Options

Options required for creating a moneypenny client.

Kind: inner typedef of moneypenny-client

| Name | Type | Description |
| --- | --- | --- |
| jwtSecret | String | Secret to use to decode JWT. |
| providerHost | String | required. Web-accessible host name for the location of the authentication server. |
| providerPort | Number | default: 443. Web-accessible port for the location of the authentication server. |
| providerName | String | default: moneypenny-server. Name given to the OAuth passport strategy. |
| serverHost | String | required. Web-accessible hostname of the service running the moneypenny-client. |
| serverPort | Number | default: 443. Web-accessible port of the service running the moneypenny-client. |
| oAuthClientSecret | String | required. Shared secret set up in the authentication service for the service. |
| oAuthClientID | String | required. Client id that corresponds to this service on the authentication service. |
| authorizationURI | String | default: /oauth2/authorization. URL on the authentication server where the authentication endpoint can be found. |
| tokenURI | String | default: /oauth2/token. URI that this server will use to get the token. |
| callbackURI | String | default: /auth/provider/callback. URI that will be added to this server by the initialize() method and used for the OAuth2 callback. |
| loginUri | String | default: /login. URI that is used to log in to the service; this will be added to this server by the initialize() method. |






  • atridge
  • thepont