Passport-Keystone
OpenStack Keystone authentication strategy for Passport and Node.js
Installation
npm install passport-keystone
Example
Check out the live demo, source code here, to see an express app configured for authentication with the Rackspace Cloud Identity Service, an implementation of OpenStack Keystone Service. Also included in the example is the Proxy-Keystone middleware, a simple proxy for keystone service catalog endpoints.
Documentation
Authentication
The keystone authentication strategy authenticates users using a username and
password from the POST body. The strategy requires a verify
callback, which accepts these
credentials and calls done
providing a user that is attached to req.user
.
passport.use(new KeystoneStrategy({
region: your.region, // required
authUrl: your.authUrl, // required
usernameField: 'username', // optional
passwordField: 'password' // optional
},
function(user, done) {
var user = {
id: identity.user.id,
token: identity.token.id,
username: identity.user.name,
serviceCatalog: identity.raw.access.serviceCatalog
};
return done(null, user);
}
));
Need to set session expiration to token expiration?
The following example uses passReqToCallback
to send the req
object to next callback, where session expiration can be configured.
passport.use(new KeystoneStrategy({
region: your.region, // required
authUrl: your.authUrl, // required
usernameField: 'username', // optional
passwordField: 'password' // optional
passReqToCallback : true // allows us to interact with req object
}, function(req, identity, done) {
if (!req.user) {
var user = {
id: identity.user.id,
token: identity.token.id,
username: identity.user.name,
serviceCatalog: identity.raw.access.serviceCatalog
};
// Set session expiration to token expiration
req.session.cookie.expires = Date.parse(identity.token.expires) - Date.now();
done(null, user);
} else {
// user already exists
var user = req.user; // pull the user out of the session
return done(null, user);
}
}));
Authenticate Requests
Use passport.authenticate()
, specifying the 'keystone'
strategy, to
authenticate requests.
app.post('/login',
passport.authenticate('keystone', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
}
);
Example form markup
<form action="/login" method="post">
<label>Username:</label>
<input type="text" name="username"/><br/>
<label>Password:</label>
<input type="password" name="password"/>
<input type="submit" value="Submit"/>
</form>
Example request via curl
curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login
Checkout Passportjs.org for more authentication examples.