forked from mohd7469/oauth2orize-examples
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathauth.js
111 lines (102 loc) · 3.85 KB
/
auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
/**
* Module dependencies.
*/
var passport = require('passport')
, LocalStrategy = require('passport-local').Strategy
, BasicStrategy = require('passport-http').BasicStrategy
, ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy
, BearerStrategy = require('passport-http-bearer').Strategy
, db = require('./db')
/**
* LocalStrategy
*
* This strategy is used to authenticate users based on a username and password.
* Anytime a request is made to authorize an application, we must ensure that
* a user is logged in before asking them to approve the request.
*/
passport.use(new LocalStrategy(
function(username, password, done) {
db.users.findByUsername(username, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
if (user.password != password) { return done(null, false); }
return done(null, user);
});
}
));
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
db.users.find(id, function (err, user) {
done(err, user);
});
});
/**
* BasicStrategy & ClientPasswordStrategy
*
* These strategies are used to authenticate registered OAuth clients. They are
* employed to protect the `token` endpoint, which consumers use to obtain
* access tokens. The OAuth 2.0 specification suggests that clients use the
* HTTP Basic scheme to authenticate. Use of the client password strategy
* allows clients to send the same credentials in the request body (as opposed
* to the `Authorization` header). While this approach is not recommended by
* the specification, in practice it is quite common.
*/
passport.use(new BasicStrategy(
function(username, password, done) {
db.clients.findByClientId(username, function(err, client) {
if (err) { return done(err); }
if (!client) { return done(null, false); }
if (client.clientSecret != password) { return done(null, false); }
return done(null, client);
});
}
));
passport.use(new ClientPasswordStrategy(
function(clientId, clientSecret, done) {
db.clients.findByClientId(clientId, function(err, client) {
if (err) { return done(err); }
if (!client) { return done(null, false); }
if (client.clientSecret != clientSecret) { return done(null, false); }
return done(null, client);
});
}
));
/**
* BearerStrategy
*
* This strategy is used to authenticate either users or clients based on an access token
* (aka a bearer token). If a user, they must have previously authorized a client
* application, which is issued an access token to make requests on behalf of
* the authorizing user.
*/
passport.use(new BearerStrategy(
function(accessToken, done) {
db.accessTokens.find(accessToken, function(err, token) {
if (err) { return done(err); }
if (!token) { return done(null, false); }
if(token.userID != null) {
db.users.find(token.userID, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
// to keep this example simple, restricted scopes are not implemented,
// and this is just for illustrative purposes
var info = { scope: '*' }
done(null, user, info);
});
} else {
//The request came from a client only since userID is null
//therefore the client is passed back instead of a user
db.clients.findByClientId(token.clientID, function(err, client) {
if(err) { return done(err); }
if(!client) { return done(null, false); }
// to keep this example simple, restricted scopes are not implemented,
// and this is just for illustrative purposes
var info = { scope: '*' }
done(null, client, info);
});
}
});
}
));