Passport-Adobe-OAuth2
Passport strategy for authenticating users with an AdobeId using the OAuth 2.0 API.
This module lets you authenticate using Adobe Identity Management Services (IMS) in your Node.js applications. By plugging into Passport, AdobeId authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Adobe Authentication - Getting Started
Install
$ npm install passport-adobe-oauth2
Usage
Create an integration on Adobe Console
You need to set up OAuth web credentials for Creative SDK to use the sample.
- Select "Web" for the platform
- For the default redirect URI:
https://
+ some domain name +:3000
+/auth/adobe/callback
- For example:
https://www.example.net:3000/auth/adobe/callback
- Input a corresponding redirect URI pattern.
- For example:
https://www\.example\.net/auth/adobe/callback
- For example:
Configure Strategy
The Adobe authentication strategy authenticates users using an Adobe ID account
and OAuth 2.0 tokens. The strategy requires a verify
callback, which accepts
these credentials and calls done
providing a user, as well as options
specifying a client ID, client secret, and callback URL.
// You should modify the following values to match your own application
var ADOBE_STRATEGY_CONFIG = {
clientID: "Insert Adobe Client ID Here",
clientSecret: "Insert Adobe Client Secret Here",
callbackURL: "https://www.example.net:3000/auth/adobe/callback"
};
// Use the AdobeStrategy within Passport.
// Strategies in Passport require a `verify` function, which accepts credentials
// (in this case, an accessToken, refreshToken, and Adobe profile)
// and invoke a callback with a user object.
passport.use(new AdobeStrategy(ADOBE_STRATEGY_CONFIG,
function (accessToken, refreshToken, profile, done) {
//verify function below
// asynchronous verification, for effect...
process.nextTick(function () {
// To keep the example simple, the user's Adobe profile is returned to
// represent the logged-in user. In a typical application, you would want
// to associate the Adobe account with a user record in your database,
// and return that user instead.
// var userId = profile.userId || profile.sub;
return done(null, profile);
});
}
));
Authenticate Requests
Use passport.authenticate()
, specifying the 'adobe'
strategy, to
authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/adobe/login.html',
passport.authenticate('adobe'));
app.get('/auth/adobe/callback',
passport.authenticate('adobe', { failureRedirect: '/login' }),
function(req, res) {
// Successful authentication, redirect home.
res.redirect('/');
});
Example
The source repo contains a very basic example application you can run on your machine. Here's how to get it up and running:
Step 1: Create an integration on Adobe Console
You need to set up OAuth web credentials for Creative SDK to use the sample.
- Select "Web" for the platform
- For the default redirect URI:
https://
+ some domain name +:3000
+/auth/adobe/callback
- For example:
https://www.example.net:3000/auth/adobe/callback
- Input a corresponding redirect URI pattern.
- For example:
https://www\.example\.net/auth/adobe/callback
- For example:
Step 2: Create a self-signed SSL certificate to run a local https server
Because we are only running this locally and in non-production mode, we can secure the server connection with a self-signed SSL cert. This can be done via openssl.
Make sure the openssl library is installed by checking the path
which openssl
Install if necessary: MacOSX Homebrew, Windows
In the example directory, generate your cert and private key files: server.key
and server.crt
. The challenge password is used for certificate revocation-- you can leave this empty for the example
$ cd example
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
writing RSA key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
...
A challenge password []:
...
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
Step 3: Override DNS records to redirect to local host
Open and edit the hosts file with admin rights.
- for MacOSX and Ubuntu:
sudo open /etc/hosts
- for Windows (8, 8.1, 10): Run notepad as Administrator. File->Open
c:\windows\system32\drivers\etc\hosts
Add a record on a new line to alias the redirect domain to your local host ip address
127.0.0.1 www.example.net
Step 4: Edit the app.js file in the example
Open and edit the example/app.js file. Fill the following variable to match the integration you created on the console
var ADOBE_CLIENT_ID = "..."
var ADOBE_CLIENT_SECRET = "..."
var REDIRECT_URI = "..."
Step 5: Run the sample
Go into the example
folder and run
$ npm install
$ npm start
Then open in your browser
https://www.example.net:3000/auth/adobe/login.html
Replacing www.example.net
with whatever redirect domain you chose. You may be prompted with an insecure website warning. Proceed anyway.
Tests
npm test
Credits
- Dragos Dascalita Haut @ddragosd
- Audrey So @audreyeso
- Caryn Tran @carynbear
- Jesse MacFadyen @purplecabbage
This strategy is based on Jared Hanson's GitHub strategy for passport:
License
Copyright (c) 2014 - present Adobe Systems Incorporated. All rights reserved.