Stateless authentication microservice for "login-with" functionality, supporting:
- GitHub
- ... more to come (PRs welcome)
This microservice must run in a subdomain of yours, e.g. `login.yourdomain.com`.

```html
<a href='https://login.yourdomain.com/twitter?success=ON_SUCCESS_URL&failure=ON_FAILURE_URL'>
Login with Twitter
</a>
```
On successful login two cookies will be created:

- `token` - A "JSON Web Token" (JWT) containing profile information and the respective access tokens (Twitter/etc). http-only!
- `profile` - A JSON string containing non-sensitive information (accessible from browser JS):
  - `username` - string / mandatory, the account specific user alias (e.g. Twitter name)
  - `photo` - string / optional, the account specific user image link
  - `name` - string / optional, the "real" name

The cookies will be available for your top-level domain and all subdomains. In addition, the cookie's `secure` flag is set, which means that your other websites/webservices must run over https.
The configuration is done by means of environment variables.

- `LW_SESSION_SECRET` - The session secret used by the microservice
- `LW_JWT_SECRET` - The secret to sign the JSON Web Token (JWT)
- `LW_SUBDOMAIN` - The subdomain this microservice runs on, e.g. `login.yourdomain.com`. All other subdomains (e.g. `api.yourdomain.com`) and the top-level (e.g. `yourdomain.com`)
- `LW_COOKIE_MAXAGE` - The max age of the cookies, defaults to 10 days
- `LW_PROFILE_COOKIENAME` - The profile's cookie name, defaults to `profile`
- `LW_JWT_COOKIENAME` - The JSON Web Token's (JWT) cookie name, defaults to `jwt`
You need to create your own GitHub OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com`, your Authorization callback URL must be: `https://login.yourdomain.com/github/callback`

- `LW_GITHUB_CLIENTID` - Your GitHub Client ID
- `LW_GITHUB_CLIENTSECRET` - Your GitHub Client Secret

You need to create your own Facebook login application. If `LW_SUBDOMAIN=login.yourdomain.com`, your allowed redirects must be: `https://login.yourdomain.com/facebook/callback`

- `LW_FACEBOOK_APPID` - Your Facebook App ID
- `LW_FACEBOOK_APPSECRET` - Your Facebook App Secret

You need to create your own Reddit OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com`, your Authorization callback URL must be: `https://login.yourdomain.com/reddit/callback`

- `LW_REDDIT_CLIENTID` - Your Reddit Client ID
- `LW_REDDIT_CLIENTSECRET` - Your Reddit Client Secret

You need to create your own Twitter OAuth application. If `LW_SUBDOMAIN=login.yourdomain.com`, your Authorization callback URL must be: `https://login.yourdomain.com/twitter/callback`

- `LW_TWITTER_CONSUMERKEY` - Your Twitter Consumer Key
- `LW_TWITTER_CONSUMERSECRET` - Your Twitter Consumer Secret
- `/twitter` - login with Twitter account (if configured through env variables)
- `/github` - login with GitHub account (if configured through env variables)
- `/reddit` - login with Reddit account (if configured through env variables)
- `/logout` - logout and clear the respective cookies

All endpoints expect the query parameters:

- `success` - A URL to redirect to in case of successful login (use `encodeURIComponent` for proper escaping)
- `failure` - A URL to redirect to in case of failed login (use `encodeURIComponent` for proper escaping)

Don't forget to `encodeURIComponent` them.
Visit login-with.now.sh. The source code is here.

- Create your secrets for the environment variables
- Deploy, e.g. with now:

```sh
now -e NODE_ENV=production -e LW_SUBDOMAIN=login.yourdomain.com -e LW_SESSION_SECRET=@lw-session-secret \
  -e LW_JWT_SECRET=@lw-token-secret \
  -e LW_REDDIT_CLIENTID=@lw-reddit-clientid -e LW_REDDIT_CLIENTSECRET=@lw-reddit-clientsecret \
  -e LW_GITHUB_CLIENTID=@lw-github-clientid -e LW_GITHUB_CLIENTSECRET=@lw-github-clientsecret \
  -e LW_TWITTER_CONSUMERKEY=@lw-twitter-consumerkey -e LW_TWITTER_CONSUMERSECRET=@lw-twitter-consumersecret \
  --alias login.yourdomain.com
```