passport-keystone

OpenStack Keystone authentication strategy for Passport and Node.js

Passport-Keystone

OpenStack Keystone authentication strategy for Passport and Node.js

npm install passport-keystone

Example

Check out the live demo, source code here, to see an express app configured for authentication with the Rackspace Cloud Identity Service, an implementation of OpenStack Keystone Service. Also included in the example is the Proxy-Keystone middleware, a simple proxy for keystone service catalog endpoints.

The keystone authentication strategy authenticates users using a username and password from the POST body. The strategy requires a verify callback, which accepts these credentials and calls done providing a user that is attached to req.user.

passport.use(new KeystoneStrategy({
   region: your.region, // required 
   authUrl: your.authUrl, // required 
   usernameField: 'username', // optional 
   passwordField: 'password' // optional 
  },
  function(userdone) {
    var user = {
      id: identity.user.id,
      token: identity.token.id,
      username: identity.user.name,
      serviceCatalog: identity.raw.access.serviceCatalog
    };
    return done(null, user);
  }
));

The following example uses passReqToCallback to send the req object to next callback, where session expiration can be configured.

passport.use(new KeystoneStrategy({
    region: your.region, // required 
    authUrl: your.authUrl, // required 
    usernameField: 'username', // optional 
    passwordField: 'password' // optional 
    passReqToCallback : true // allows us to interact with req object 
}, function(reqidentitydone) {
  if (!req.user) {
    var user = {
        id: identity.user.id,
        token: identity.token.id,
        username: identity.user.name,
        serviceCatalog: identity.raw.access.serviceCatalog
    };
 
    // Set session expiration to token expiration 
    req.session.cookie.expires = Date.parse(identity.token.expires) - Date.now();
 
    done(null, user);
  } else {
      // user already exists 
      var user = req.user; // pull the user out of the session 
      return done(null, user);
  }
}));

Use passport.authenticate(), specifying the 'keystone' strategy, to authenticate requests.

app.post('/login',
  passport.authenticate('keystone', { failureRedirect: '/login' }),
  function(reqres) {
    res.redirect('/');
  }
);

Example form markup

<form action="/login" method="post">
  <label>Username:</label>
  <input type="text" name="username"/><br/>
  <label>Password:</label>
  <input type="password" name="password"/>
  <input type="submit" value="Submit"/>
</form>

Example request via curl

curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login

Checkout Passportjs.org for more authentication examples.