guardian
Authentication gateway middle-man for simplifying OAuth requests with a plugin based architecture to allow quick iteration and implementation of new authentication schemes outside of normal or existing flows.
Install
$ npm install guardian
Starting
$ node index.js -c <configuration>
Configuration
Configuration files can be found in the config
directory, when no configuration file is declared default.js
is loaded, when declaring which file to use omit the js
extension like so:
$ node index.js -c production
Basic Options:
-
host
You should set this to be the public ip or domain name as it is utilized to generate the callback uri.Default:
localhost:3000
-
protocol
Host protocolDefault:
http
-
port
Port on which guardian runsDefault:
3000
-
pid.dir
Directory where the.guardian.pid
file will be output, in production environments this is usually/home/<user>/
, with trailing slash.Default:
./
-
redis.host
-
redis.port
-
redis.pass
Routes
Each endpoint functions as a step.
Storage
POST /store
Stores information given, returns hash to be used later on. 10
second life on the hashed information by default.
Parameters
OAuth 2
Details specific to OAuth2
client_id
client_secret
grant_type
Highly dependant on flow state, and which flow you are accessing. Common values:authorization_code
client_credentials
password
refresh_token
base_url
access_name
access token name, defaultaccess_token
authorize_method
state
scope
OAuth 1
Details specific to OAuth 1.0a
consumer_key
consumer_secret
signature_method
oauth_token
Authentication required
General information regarding authentication flow to load plugin.
-
auth_type
a-z chars accepted onlyDefault:
oauth
-
auth_flow
a-z_ chars accepted onlyThis would be a specific flow, a niche if you may. Echo, Owner Resources, etc.. Optional.
-
auth_version
numeric chars onlyWhat version of
auth_type
are we dealing with? Can be optional. -
auth_leg
numeric chars onlyWhat leg of
auth_type
is this?
These are combined to create the plugin file name which is composed like so:
type.lower + (flow? '_' + flow : '') + (version? '_' + version : '') + (leg? '_' + leg : '')
General
request_url
access_url
authorize_url
callback
for access_token & access_secret response
Hash Check
GET /hash-check
Allows you to preview / verify your stored information in-case of error or malformed response.
Once again, stored information by default lasts only 10
seconds.
Parameters
hash
Start
ALL /start
Begins guardian transactions and authentication steps. These steps are passed with a 302
request and should be followed.
Parameters
hash
OAuth 1.0a
Used in the OAuth 1.0a Signature Process for 1-Legged requests. Example.
url
Calling URL, query parameters from here are parsed so you don't need to place them in parameters... I don't think.method
Calling Methodbody
Calling Payload or Bodyparameters
Calling Parameters for Request Signatures or etc...
Tests
Each test in the test folder is based on an API or feature of guardian rather than TDD or BDD based tests, we simply verify whether the authentication succeeds and we get a response from the API about the API information rather than Authentication information.
Each API based test will require something of the likes:
$ node tests/api.js -k {Your Consumer/Client Key/Id} -s {Your Consumer/Client Secret} -h {host, ie: localhost or domain}
You will recieve a response with the headers sent, and the returned response from the API, guardian must be running locally for these tests to work and on the port 3000
. Unless you alter these files~
About
Originally called gatekeeper, but someone else had that and no other names seemed appropriate for what this does so we went with guardian which is another form of a gatekeeper.