passport-cloudentity-oauth2

1.0.2 • Public • Published

Passport strategy for Cloudentity OAuth 2.0

Passport strategy for authenticating with Cloudentity using the OAuth 2.0 and OIDC specifications. Cloudentity provides a world-class, FAPI-certified, multi-tenant OAuth authorization server that allows developers to create secure applications.

This module lets you authenticate using Cloudentity in your Node.js applications. By plugging into Passport, Cloudentity OAuth authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

npm install passport-cloudentity-oauth2

Usage

Create an Application in Cloudentity

Before using passport-cloudentity-oauth2, you must register an application with Cloudentity. If you have not already done so, a new application can be created within Cloudentity. If you do not have an account, sign up for a free account at Cloudentity. Once an application is created, you will be issued a client identifier, client secret, authorization server URL and callback URL, which need to be configured in the strategy as shown below. You will also need to configure a callback URL that matches the route in your application.

Configure Strategy in Node.js application

The Cloudentity OAuth 2.0 authentication strategy authenticates users through Cloudentity, which can use any of the underlying identity providers configured within the Cloudentity platform. The Cloudentity platform issues access tokens and ID tokens that follow the OAuth and OIDC specifications to the Node.js application. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, authorization server URL, and callback URL.

Note that clientSecret is not required in the configuration below if the PKCE flow is used and pkce is set to true.

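var passport = require('passport');
var CloudentityStrategy = require('passport-cloudentity-oauth2');

passport.use(new CloudentityStrategy({
    authServerURL: process.env.CLOUDENTITY_AUTH_SERVER,
    clientID: process.env.CLOUDENTITY_CLIENT_ID,
    clientSecret: process.env.CLOUDENTITY_CLIENT_SECRET,
    callbackURL: process.env.CLOUDENTITY_CALLBACK_URL,
    pkce: true,
    passReqToCallback: true
  },
  function(req, accessToken, refreshToken, params, profile, done) {
    // Look up or create the application's user record for this profile here,
    // then hand it to Passport: done(err) on failure, done(null, user) on success.
    // Using the profile itself as the user is a placeholder.
    var user = profile;
    done(null, user);
  }
));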

Authenticate Request in Node.js application

To authenticate requests within this application, use the passport.authenticate() method specifying the cloudentity strategy.

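// Login route: starts the flow using the cloudentity strategy.
app.get('/login',
  passport.authenticate('cloudentity', {
    session: true,
    successReturnToOrRedirect: '/',
    scope: ['email', 'profile', 'openid']
  })
);

// Callback route: must match the callback URL configured for the application.
app.get('/callback',
  passport.authenticate('cloudentity', {
    successRedirect: '/api/v1',
    failureRedirect: '/'
  })
);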

Examples

Developers using the popular Express web framework can refer to the Express.js sample app, which uses the cloudentity strategy, as a starting point for their own web applications.

License

The MIT License

Collaborators

  • bbray
  • mpohl_cloudentity
  • bwereszczak_cloudentity
  • lradosz
  • csattgast_cloudentity