passport-citrix
Citrix Online authentication strategy for Passport.
This module implements a passport strategy for authenticating against the Citrix Online authentication process (the GoTo* products). This is a variant on OAuth 2.0, but with differences in how the access token is requested (GET vs POST).
To get an API key, see: https://developer.citrixonline.com
Install
$ npm install passport-citrix2
Usage
Configure Strategy
The strategy requires session support, and the apiKey and callback options are mandatory. A verify
callback
receives access token, plus information needed refresh the token along with the user profile, and calls done
providing a user. verify
should either check the user is an existing account, or initiate the process for
registering a new account.
var CitrixStrategy = require('citrix-passport2').Strategy
passport.use(new CitrixStrategy({
apiKey: 'CITRIX ONLINE API KEY',
callbackURL: "http://127.0.0.1:3000/auth/citrix/callback"
},
function(accessToken, refreshToken, accountKey, expiresIn, profile, done) {
User.findOrCreate(accountKey, profile, function (err, user) {
done(err, user);
});
}
));
Note:
- For security, a callbackURL is mandatory - XSS detection state is carried via the callbackURL.
- Session support is mandatory to use this strategy.
- Only the API key (aka 'Consumer Key') provided by Citrix is needed, not the 'Consumer Secret'
Options:
apiKey
(mandatory) identifies client to Citrix OnlinecallbackURL
(mandatory) URL to which Citrix Online will redirect the user after obtaining authorizationtrustProxy
(optional) set true if using relative callbackURL and behind reverse proxysessionKey
(optional) field within req.session to use for auth persistence
Where:
accessToken = "XXX"
refreshToken = "XXX"
accountKey = "1234567890" // Unique identifier for account
expiresIn = "0123456" // Time before accessToken expires (currently approx 1 year)
profile = {
firstName: "John",
lastName: "Doe",
email: "john.doe@domain.com",
}
Authenticate Requests
Use passport.authenticate()
, specifying the 'citrix'
strategy, to
authenticate requests.
For example:
app.get('/auth',
passport.authenticate('citrix'));
app.get('/auth/citrix/callback',
passport.authenticate('citrix', { failureRedirect: '/auth_failed' }),
function(req, res) {
// Successful authentication, redirect home.
res.redirect('/');
});
Related Modules
- passport — Passport