passport-citrix

Citrix Online authentication strategy for Passport.

This module implements a passport strategy for authenticating against the Citrix Online authentication process (the GoTo* products). This is a variant on OAuth 2.0, but with differences in how the access token is requested (GET vs POST).

To get an API key, see: https://developer.citrixonline.com

Install

$ npm install passport-citrix2

Usage

Configure Strategy

The strategy requires session support, and the apiKey and callbackURL options are mandatory. The verify callback receives the access token, the information needed to refresh the token, and the user profile, and calls done with a user. verify should either check that the user is an existing account or initiate the process for registering a new account.

  var passport = require('passport');
  // Module name matches the package installed above.
  var CitrixStrategy = require('passport-citrix2').Strategy;

  passport.use(new CitrixStrategy({
      apiKey: 'CITRIX ONLINE API KEY',
      callbackURL: "http://127.0.0.1:3000/auth/citrix/callback"
    },
    function(accessToken, refreshToken, accountKey, expiresIn, profile, done) {
      // User is the application's own account model.
      User.findOrCreate(accountKey, profile, function (err, user) {
        done(err, user);
      });
    }
  ));

Note:

  • For security, a callbackURL is mandatory - XSS detection state is carried via the callbackURL.
  • Session support is mandatory to use this strategy.
  • Only the API key (aka 'Consumer Key') provided by Citrix is needed, not the 'Consumer Secret'.

Options:

  • apiKey (mandatory) identifies client to Citrix Online
  • callbackURL (mandatory) URL to which Citrix Online will redirect the user after obtaining authorization
  • trustProxy (optional) set true if using relative callbackURL and behind reverse proxy
  • sessionKey (optional) field within req.session to use for auth persistence

Where:

 accessToken = "XXX"
 refreshToken = "XXX"
 accountKey = "1234567890"  // Unique identifier for account
 expiresIn = "0123456"      // Time before accessToken expires (currently approx 1 year)
 profile = {
   firstName: "John",
   lastName: "Doe",
   email: "john.doe@domain.com",
 }
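
An added example, not part of this module's own code: one way to write the verify callback so that accounts are keyed on accountKey, the long-lived tokens stay in a server-side store, and the user object passed to done carries no tokens. makeVerify, tokenExpiry and the Map-backed store are hypothetical names, and treating expiresIn as a number of seconds is an assumption.

```javascript
// Hypothetical helper: convert the expiresIn string into an absolute expiry.
// Assumption: expiresIn counts seconds, as in standard OAuth 2.0 responses.
function tokenExpiry(expiresIn, now) {
  if (typeof expiresIn !== 'string' || !/^\d+$/.test(expiresIn)) return null;
  const seconds = Number.parseInt(expiresIn, 10);
  return seconds > 0 ? new Date(now.getTime() + seconds * 1000) : null;
}

// Builds a verify callback with the six-argument signature shown above.
// store: any Map-like object standing in for the application's database.
// clock: injectable time source so expiry handling can be tested.
function makeVerify(store, clock = () => new Date()) {
  return function verify(accessToken, refreshToken, accountKey, expiresIn, profile, done) {
    // Refuse the login if the values the account is keyed on are missing.
    if (typeof accountKey !== 'string' || accountKey === '' || !accessToken) {
      return done(null, false, { message: 'incomplete Citrix response' });
    }
    const expiresAt = tokenExpiry(expiresIn, clock());
    if (expiresAt === null) {
      return done(null, false, { message: 'invalid expiresIn' });
    }

    // Existing account, or start of registration for a new one.
    let account = store.get(accountKey);
    const isNew = account === undefined;
    if (isNew) {
      account = { accountKey: accountKey, createdAt: clock() };
      store.set(accountKey, account);
    }

    // Refresh profile and tokens on every login; tokens stay in the store.
    const p = profile || {};
    account.firstName = p.firstName;
    account.lastName = p.lastName;
    account.email = p.email;
    account.tokens = { accessToken: accessToken, refreshToken: refreshToken, expiresAt: expiresAt };

    // The user object given to Passport deliberately omits the tokens.
    done(null, { accountKey: accountKey, email: account.email, isNew: isNew });
  };
}

// Usage with the strategy configured above (not executed here):
// passport.use(new CitrixStrategy({ apiKey: '...', callbackURL: '...' }, makeVerify(new Map())));
```
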

Authenticate Requests

Use passport.authenticate(), specifying the 'citrix' strategy, to authenticate requests.

For example:

app.get('/auth',
  passport.authenticate('citrix'));

app.get('/auth/citrix/callback',
  passport.authenticate('citrix', { failureRedirect: '/auth_failed' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

License

The MIT License
