jed / authom
A zero-dependency multi-service authentication tool for node.js
License: MIT License
I cannot use port 80 in my dev machine, so I decided to change the port as in:
    var http = require("http")
      , authom = require("../lib/authom")
      , server = http.createServer()
      , port = process.env.PORT || 9000
This results in an error:
Feature Request:
Wouldn't it be better to extract your keys, IDs, and so on, into a separate config.js file?
Example:
    const config = {
      // mongodb location
      db: 'mongodb://localhost/authom',
      // port
      port: process.env.PORT || 3000,
      // test environment
      test_env: 'test',
      test_db: 'authom-test',
      test_port: 3001,
      // github config
      githubService: 'github',
      githubId: '7e38d12b740a339b2d31',
      githubSecret: '116e41bd4cd160b7fae2fe8cc79c136a884928c3',
      githubState: 'unguessable-random-string'
      // other providers
    };
    export default config;
authom source code looks very clean and easy to understand, but I have a problem integrating it with express; specifically, I want to save the authenticated user information into the express session.
    app.use(express.session({
      secret: 'xxx',
      store: memoryStore,
    }));
I want to set the session in
    authom.on("auth", function(req, res, data) {
      req.session.auth = true;
      req.session.username = data.user.Name;
    })
so that I can check whether the user is authenticated or not in express
    app.get("secpath", function(req, res) {
      if (!req.session.auth) res.redirect("/auth/github"); // <-- but I cannot get req.session.auth value as true, the session is lost!
    })
Can someone show how to write an authom middleware for express, or another solution?
Hello,
I tried playing around with Authom and Linkedin, below is a snippet of the setup
    authom.createServer({
      service: 'linkedin',
      ........
      scope: ['r_basicprofile', 'r_emailaddress'],
      fields: ['email-address', 'first-name', 'last-name', 'picture-url']
    });
I get all the fields requested apart from email-address. Is it possible that email-address is not bound on return?
It's unlikely to be the Linkedin app because r_emailaddress is checked in.
Thanks
From http://developer.github.com/v3/oauth/
state
Optional string - An unguessable random string. It is used to protect against cross-site request forgery attacks.
Hello, I understood how to retrieve other data from Facebook with the fields and the scope, but I do not see how to do it with Twitter. Do you have a solution, or is it already set up?
With the new security changes with the node https module, self-signed certs are rejected by default. There is an override that can be set called rejectUnauthorized. My thought is to add the override into authom, but I may also not be aware of a workaround. Is this a known issue with workaround or something that should be added to authom? Thanks.
Hello,
I noticed that it's not possible to use more than one service with the library, despite using the name field. Example:
    var app = require("express").createServer()
      , authom = require("authom")
    var one = authom.createServer({
      name: "facebook-one",
      service: "facebook",
      id: "1",
      secret: "mylittlesecret",
      scope: [],
      fields: ["name", "picture"]
    })
    var two = authom.createServer({
      name: "facebook-two",
      service: "facebook",
      id: "2",
      secret: "mylittlesecret",
      scope: [],
      fields: ["name", "picture"]
    })
    console.log('one: ', one.code)
    // { ... query: { client_id: '2', scope: '' } } <- I was expecting client_id: '1'
    console.log('two: ', two.code)
    // { ... query: { client_id: '2', scope: '' } }
    app.get("/auth/:service", authom.app)
    app.listen(8000)
In other words, the last service overwrites all the other services. I dug into the code and I figured out that you store instance variables on the prototype. Hence when one of those variables changes, all the instances see the new change. Example:
    function myClass(){}
    myClass.prototype = {
      settings: {name: 'random'}
    };
    var m1 = new myClass();
    var m2 = new myClass();
    m1.settings.name // 'random'
    m2.settings.name // 'random'
    m1.settings.name = 'Daniele'
    m1.settings.name // 'Daniele'
    m2.settings.name // 'Daniele' <- You might have expected 'random'
Fixing the issue is very straightforward and requires moving the properties from the prototype into the constructor.
I was about to propose a pull request when I realised that Facebook wasn't the only service suffering from this problem. At this point I think I'm not sure I can help you further. If you're happy for me to move all the properties on the prototype within the constructor, just let me know and I'll send you a pull request.
Thanks
Daniele
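The shared-prototype behaviour described in this issue, next to the constructor-based fix it proposes, as an added example that is not authom's code or part of the original issue. `SharedService`, `IsolatedService`, the `token.query.client_secret` field and the `sharedMutableProps` check are hypothetical names; the point is that with shared state the first service ends up sending the second service's client ID and secret.

```javascript
// Hypothetical stand-ins for an authom service; not the library's own code.

// Before: mutable config objects live on the prototype, so every instance
// writes into the same `code` and `token` objects.
function SharedService(options) {
  this.code.query.client_id = options.id
  this.token.query.client_secret = options.secret
}
SharedService.prototype = {
  code: { query: {} },
  token: { query: {} }
}

// After: each instance builds its own objects inside the constructor.
function IsolatedService(options) {
  this.code = { query: { client_id: options.id } }
  this.token = { query: { client_secret: options.secret } }
}

// Regression check: names of prototype properties that hold mutable objects.
// An empty list means no per-service state can be shared through the prototype.
function sharedMutableProps(Ctor) {
  var proto = Ctor.prototype
  return Object.keys(proto).filter(function (key) {
    return proto[key] !== null && typeof proto[key] === "object"
  })
}

// Create two services with constructed credentials and report what the
// first one would send after the second one has been created.
function firstServiceAfterSecond(Ctor) {
  var one = new Ctor({ id: "1", secret: "secret-one" })
  new Ctor({ id: "2", secret: "secret-two" })
  return {
    clientId: one.code.query.client_id,
    secret: one.token.query.client_secret
  }
}
```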
Hi,
The npm version seems not to be updated with the refresh_token implementation.
Thanks
consider changing
"node": "~0.4.12"
to
"node": ">=0.4.12"
in package.json since the ~ designates only v0.4.x
Great work! I like authom a lot and it is a breath of fresh air after working with passport.js.
OAuth redirect URI is expected to be HTTPS if the URL is not localhost.
Could you please provide an example of how to set authom to listen to HTTPS redirects?
I'm using Authom like this:
    app.use('/auth/:service', authom.app);
I'm trying to authenticate with Google, which uses OAuth2. The redirect_uri passed to Google contains / instead of /auth/google.
I think the problem is in oauth2.js where req.url is used:
    this.code.query.redirect_uri = url.format(req.url)
If I add these two lines above this, the problem is resolved:
    req.url.pathname = req.baseUrl;
    delete req.url.href;
Similar changes still need to be made later on for onCode.
In any case, I think that originalUrl needs to come into play here because /auth/google isn't in req.url. Is this the correct fix? I would submit a pull request, but since this is an as-documented usage of Authom, I wanted to make sure I wasn't doing anything wrong to begin with. Any insight is welcomed! Thanks.
When twitter emits an error like the following:
{ statusCode: 401,
data: '\n\n Invalid / expired Token\n /oauth/access_token\n\n' }
it triggers the following error:
Uncaught exception: TypeError: Object # has no method 'error'
because of this:
    authom.on('error', function(req, res, data) {
      res.error("An error occurred: " + JSON.stringify(data))
    });
because the res object doesn't have the method "error".
Hello,
Today, I tried to run my app that uses authom on node 0.10.0. With OAuth2 services it fails. I reviewed the API changes in the new version of node at this page https://github.com/joyent/node/wiki/Api-changes-between-v0.8-and-v0.10 , and I changed the inheritance method to the one recommended on this page. I needed to add more changes to pass my custom tests. I tried with twitter, facebook, foursquare, instagram and github with success, but not extensively. The changes are in cartuchogl@5d40580
Tomorrow I will try to do more tests.
meetup.js and twitter.js service files are not getting downloaded using:
npm install authom
https://developers.google.com/+/api/auth-migration#timetable
According to this the userinfo endpoint will be fully removed, which will break the google oauth.
I would like to allow users to create new accounts or use existing ones like Facebook for my app. Is this possible? Thanks
Could someone look over how I have configured Authom for my Sails app?
I created a policy called "authomAuth", which is "middleware" in Sails speak:
    var authom = require('authom');
    module.exports = function(req, res, next) {
      authom.listener(req, res);
      authom.on("auth", function(req, res, data) {
      })
      authom.on("error", function(req, res, data) {
      })
      console.log('Using authom policy');
      return next();
    };
I enabled the policy for the "AuthController" in the policy.config file
    AuthController: {
      'auth': 'authomAuth'
    }
I then created a route as such:
    '/auth/:service' : {
      policy: 'authomAuth'
    },
I have left out the forms for the meantime. Is my configuration OK?
Thanks
When emitting an error like the one you used in twitter.js
    if (error) return self.emit("error", req, res, uri.query)
you should emit the error message too. I think it would be good to tell the user why the error happened instead of just sending them the tokens.
Hi there,
We just had a big issue after installing 0.4.8 - all of our facebook authentications stopped working until we reverted to 0.4.7.
I'll investigate further and follow up on this ticket. - Wanted to drop a word on this if anyone experienced similar issues.
( I know I'm 3 months late since 0.4.8 - seems to be a weird edge case.)
Is there a particular reason why Twitter is missing? I just realized that it wasn't on your list and wanted to know if there is a special reason or perhaps no one is asking for it :(
Thank you and great job, I love authom and might be using it in a couple of projects soon.
JB
Is it possible to incorporate setting the state parameter in the access token request? The scenario I am thinking of is when there is state related to the initial /auth request that is needed after the access token is granted. (ie. /auth/:service?rememberMeFlag=true). When the access token is requested, only the state parameter is allowed in the oauth spec for this purpose. Adding any other parameter directly to the url will cause an error with the called oauth service. Here is a reference article to help provide context. I am game for making the changes and sending a pull request but I would want a little guidance before I did this. Thanks.
http://stackoverflow.com/questions/7722062/google-oauth2-redirect-uri-with-several-parameters
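One way to use the state parameter for both purposes raised on this page, the CSRF protection quoted from the GitHub documentation and the round-tripping of request data such as rememberMeFlag asked about here, as an added example that is not authom's code. `createState`, `verifyState`, `STATE_KEY` and the `session.oauthNonce` field are hypothetical names, and `session` is assumed to be a per-user store such as req.session.

```javascript
const crypto = require("node:crypto")

// Constructed signing key for the example; a real one comes from configuration.
const STATE_KEY = crypto.randomBytes(32)

function sign(payload) {
  return crypto.createHmac("sha256", STATE_KEY).update(payload).digest("base64url")
}

// Build the state value sent with the initial /auth/:service redirect.
// The random nonce is remembered in the user's session; `extra` is the
// application data that has to survive the round trip.
function createState(session, extra) {
  const nonce = crypto.randomBytes(16).toString("hex")
  session.oauthNonce = nonce
  const payload = Buffer.from(JSON.stringify({ nonce, extra })).toString("base64url")
  return payload + "." + sign(payload)
}

function sameBytes(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b)
  return x.length === y.length && crypto.timingSafeEqual(x, y)
}

// Check the state returned on the callback. Returns `extra` when the value
// is authentic and bound to this session, otherwise null.
function verifyState(session, state) {
  const expectedNonce = session.oauthNonce
  delete session.oauthNonce // single use: a replayed callback fails
  if (typeof state !== "string" || !expectedNonce) return null
  const parts = state.split(".")
  if (parts.length !== 2 || !sameBytes(parts[1], sign(parts[0]))) return null
  let decoded
  try {
    decoded = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"))
  } catch (e) {
    return null
  }
  if (!sameBytes(String(decoded.nonce), expectedNonce)) return null
  return decoded.extra
}
```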
https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
Any plan to address this? Should I make a PR? Would it be merged? Should I migrate away to something else?