passport-mitopenid

Passport Strategy for the Massachusetts Institute of Technology (MIT) OpenID Connect with the AuthorizationCode grant type of the OAuth 2.0 protocol.

This module lets you authenticate using MIT OpenID Connect (MOIDC) in your Node.js applications. By plugging into Passport, MOIDC authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-mitopenid

Usage

Create an Application

Before using passport-mitopenid, you must register an application with MOIDC. If you have not already done so, a new project can be created via MOIDC. Your application will be issued a client ID and client secret, which need to be provided to the strategy. You will also need to configure a redirect URI which matches the route in your application.

NOTE: If you are not MIT affiliated, you will not be able to use this module because you will not be able to log in on MOIDC. This module is solely intended for applications developed within and for the MIT community.

Configure Strategy

The MOIDC Strategy authenticates using a Client application from MOIDC and OAuth 2.0 tokens. The generated clientID and clientSecret are to be supplied in the options of the strategy. Additionally, the strategy requires a verify callback which receives the parameters accessToken, optional refreshToken, profile, and function done from passport. The verify callback must call done with either an error (i.e. done(err)) or with providing the user to complete authentication (i.e. done(null, user)). Ideally, this user comes from client's database (which ideally is found with the id supplied under profile.id). For more details, see the passport documentation.

Here's an example:

const MITStrategy = require('passport-mitopenid').MITStrategy;
 
passport.use(new MITStrategy({
    clientID: MIT_CLIENT_ID,
    clientSecret: MIT_CLIENT_SECRET,
    callbackURL: "http://www.example.com/auth/mitopenidc/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ mitid: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'mitopenid' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/mitopenid',
  passport.authenticate('mitopenidc'));
 
app.get('/auth/mitopenid/callback', 
  passport.authenticate('mitopenid', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Examples

Developers using the Express can refer to this example guide to build their web applications.

Contributing

See CONTRIBUTING.md

Credits

This work was very much inspired from the Google's passport strategy implementation thanks to the work of jaredhanson on Passport.

License

The MIT License

Copyright (c) 2018 Robert M. Vunabandi <https://github.com/robertvunabandi>