passport-dedicated-bluemix
This module lets you authenticate against an instance of Dedicated Bluemix (via CloudFoundry's UAA server) in your Node.js applications. By plugging into Passport, Dedicated Bluemix authentication can be integrated into any application or framework that supports Connect-style middleware, including Express.
Installation
$ npm install passport-dedicated-bluemix
Usage
Register Application with Bluemix's User Account and Authentication Service
Before using passport-dedicated-bluemix, you must register the application with your Dedicated Bluemix User Account and Authentication Service (UAA). If you have not already done so, client application registration can be found here. As a side note, you will need elevated permissions in your Bluemix instance to register a client application with its UAA server. Remember the client_id and client_secret to use with the passport strategy. In addition, the redirect_uri will have to match the route in your application.
Configure Strategy
The Dedicated Bluemix authentication strategy authenticates users using a CloudFoundry UAA user account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a user info URL, authorization URL, token URL, client ID, client secret, and callback URL.
passport.use(new BluemixDedicatedStrategy({
    userInfoURL: 'https://uaa.<your bluemix domain>/userinfo',
    authorizationURL: 'https://login.<your bluemix domain>/UAALoginServerWAR/oauth/authorize',
    tokenURL: 'https://uaa.<your bluemix domain>/oauth/token',
    clientID: CLIENT_ID,
    clientSecret: CLIENT_SECRET,
    callbackURL: "http://localhost:3000/auth/bluemix/callback"
  },
  // verify callback: look up (or create) the local user for this UAA profile
  (accessToken, refreshToken, profile, done) =>
    User.findOrCreate({ userId: profile.id }, (err, user) =>
      done(err, user))
));
Authenticate Requests
Use passport.authenticate(), specifying the 'dedicated-bluemix' strategy, to authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/bluemix', passport.authenticate('bluemix-dedicated'));
app.get('/auth/bluemix/callback', passport.authenticate('bluemix-dedicated', { successRedirect: '/home', failureRedirect: '/login' }));
Examples
Developers using the popular Express web framework can refer to an example as a starting point for their own applications.
FAQ
How do I request additional permissions?
If you need additional permissions from the user, the permissions can be requested via the scope option to passport.authenticate().
app.get('/auth/bluemix', passport.authenticate('bluemix-dedicated', {
scope: 'cloud_controller.read+openid+cloud_controller_service_permissions.read'
}));
How can I retain some sort of data throughout the OAuth flow?
CloudFoundry's UAA server utilizes a state parameter that will be passed back to the /callback route of your application. If you need to use this, a value can be supplied via the state option to passport.authenticate().
app.get('/auth/bluemix', passport.authenticate('bluemix-dedicated', {
state: 'my-state-string',
}));
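A fixed state string carries data but cannot tie the callback to the browser session that started the login. The sketch below is an added example, not code from this module: it packs application data together with a per-login random nonce and checks it on /callback. The helper names issueState and verifyState, the session field oauthNonce, and the use of express-session are assumptions.

```javascript
// Added example (not part of passport-dedicated-bluemix): per-login OAuth state.
const { randomBytes, timingSafeEqual } = require('crypto');

// Build a state value carrying app data plus a random nonce, and remember
// the nonce in the user's server-side session (hypothetical field oauthNonce).
function issueState(session, data = {}) {
  const nonce = randomBytes(16).toString('hex');
  session.oauthNonce = nonce;
  return Buffer.from(JSON.stringify({ nonce, data })).toString('base64url');
}

// Check the state returned on /callback. Returns the carried data, or null
// if the state is missing, malformed, replayed, or from another session.
function verifyState(session, returned) {
  const expected = session.oauthNonce;
  delete session.oauthNonce; // single use: a second callback must fail
  if (typeof expected !== 'string' || typeof returned !== 'string') return null;
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(returned, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!parsed || typeof parsed.nonce !== 'string') return null;
  const a = Buffer.from(parsed.nonce);
  const b = Buffer.from(expected);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return null;
  return parsed.data ?? {};
}

// Wiring (assumes express-session populates req.session):
// app.get('/auth/bluemix', (req, res, next) =>
//   passport.authenticate('bluemix-dedicated', {
//     state: issueState(req.session, { returnTo: '/home' })
//   })(req, res, next));
// app.get('/auth/bluemix/callback', (req, res, next) => {
//   const data = verifyState(req.session, req.query.state);
//   if (!data) return res.redirect('/login');
//   passport.authenticate('bluemix-dedicated', {
//     successRedirect: '/home', failureRedirect: '/login'
//   })(req, res, next);
// });
```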