npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@gigster/module-loopback-authentication

v1.1.13

Published

Role | Name | Email | Slack ---- | ---- | ----- | ----- *Product Owner* | Ryan Borker | [[email protected]](mailto:[email protected]) | [@borker] *Maintainer* | Jerome Curlier | [[email protected]](mailto:[email protected]) | [@jerome] *Contributor* |

Downloads

36

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

Keywords

Readme

loopback-authentication

Role | Name | Email | Slack ---- | ---- | ----- | ----- Product Owner | Ryan Borker | [email protected] | [@borker] Maintainer | Jerome Curlier | [email protected] | [@jerome] Contributor | Casey Barbello | [email protected] | [@casey] Contributor | Mark Miyashita | [email protected] | [@mark]

Overview

This module provides authentication and authorization for Loopback.

The module is a wrapper around the Loopback Passport component. Please therefore review this component documentation to learn about this module.

The module provides integration between LoopBack and Passport to support third-party login and account linking for LoopBack applications.

loopback-component-passport

See also the Github for the component and the sample application, aw well the Loopback documentation.

Usage

  - name: loopback-authentication
    location: >-
      https://github.com/liquidlabs-co/gig-modules/tree/master/block/loopback-authentication
    spec:
      generateTests: true
      webEnabled: true
      defaultDatasource: fileDs
      defaultEmailDatasource: email
      emailVerificationRequired: false
      emailSender: [email protected]
      verifyEmailSubject: Thanks for Registering
      resetEmailSubject: Password Reset
      providers:
        local: {}
        facebook-login:
          clientID: FACEBOOK_CLIENT_ID
          clientSecret: FACEBOOK_CLIENT_SECRET

Specification

Name | Status ---- | ----- generateTests | Whether the module should generate a test suite for authentication webEnabled | Whether the sample web interface is enabled on the Loopback application defaultDatasource | Default datasource to be used by the model when no datasource is defined for them defaultEmailDatasource | Default email datasource emailVerificationRequired | Wether the email verification is required emailSender | The email address of the sender for the email reset and verification verifyEmailSubject | The email subject for the email verification resetEmailSubject | The email subject for the password reset providers | The configuration of the oauth providers - any value provide will replace the default value provided by providers.json - see the documentation Configuring providers from Loopback

Note: Any value for the provider will be interpreted as an environment variable name.

Endpoints

The module enable all the endpoints related to the security operations:

Endpoint | Method | Description ---- | ---- | ----- POST /users/login | login | Login a user with username/email and password POST /users/logout | logout | Logout a user with access token POST /users/change-password | changePassword |Change a user's password POST /users/reset | resetPassword | Reset password for a user with email. POST /users/reset-password | setPassword | Reset user's password via a password-reset token GET /users/confirm | confirm | Confirm a user registration with identity verification token POST /users/{id}/verify | prototype.verify | Trigger user's identity verification with configured verifyOptions

Dependencies

The loopback-authentication depends on the loopback-models module.

The following npm packages are added/updated by the module:

npm | version ---- | ----- body-parser | ^1.18.2 connect-ensure-login | ^0.1.1 cookie-parser | ^1.4.3 express-flash | 0.0.2 express-session | ^1.7.6 jade | ^1.7.0 loopback | ^3.15.0 loopback-boot | ^2.26.2 loopback-component-explorer | ^5.2.0 loopback-component-passport | ^2.3.0 passport | ^0.2.2 passport-facebook | ^1.0.3 passport-google-oauth | ^0.1.5 passport-ldapauth | ^0.4.0 passport-local | ^1.0.0 passport-oauth2 | ^1.4.0 passport-twitter | ^1.0.4 serve-favicon | ^2.4.5 strong-error-handler | ^2.3.0

All the Loopback packages are updated to the latest version to contain the security fixes.

Templates

There are two email templates for user verification and password reset. These are customizeable EJS files (verify.ejs and reset.ejs) located in /api/template. They are used by verify.js and reset.js located in /api/models/user. You may send custom fields to your EJS files by adding them to options in verify.js and ejs.render() in reset.js.

Tests

Module tests are defined using a test/scenarios.yaml file. This file defines the set of example gigs that we generate as part of integration testing. To run all tests, run yarn test at the root of this module.

Each scenario is generated in test/scenario/<name> which you can then cd into and run the actual app. For a scenario called default, this is done via:

cd test/scenario/default
yarn install

# Run tests.
yarn test

# Start the app.
yarn start

Generation

Models

The module ntributes the following models to the project.

Model | Description ---- | ----- accessToken | Token based authentication and access control role | A group of principals with the same permissions roleMapping | Assign principals to roles userIdentity | The UserIdentity model keeps track of third-party login profiles. Each user identity is uniquely identified by provider and externalId. The UserIdentity model has a belongsTo relation to the User model. userCredential | UserCredential has the same set of properties as UserIdentity. It’s used to store the credentials from a third party authentication/authorization provider to represent the permissions and authorizations of a user in the third-party system.

Boot

The authentication.js generated in the boot folder enables authentication for the Loopback authentication.

Configuration

The following configuration are added to the Loopback config.json:

  • emailSender
  • verifyEmailSubject
  • resetEmailSubject
  • webEnabled
  • emailVerificationRequired

Scenario

Facebook auhtentication

  1. Configure gig.yaml to setup Facebook authentication
  - name: loopback-authentication
    location: >-
      https://github.com/liquidlabs-co/gig-modules/tree/master/block/loopback-authentication
    spec:
      generateTests: true
      webEnabled: true
      defaultDatasource: fileDs
      defaultEmailDatasource: email
      emailVerificationRequired: false
      emailSender: [email protected]
      verifyEmailSubject: Thanks for Registering
      resetEmailSubject: Password Reset
      providers:
        local: {}
        facebook-login:
          clientID: FACEBOOK_CLIENT_ID
          clientSecret: FACEBOOK_CLIENT_SECRET
  1. Create an application on Facebook
  • Navigate to Facebook App Management
  • Add a new application, for example gdt-test
  • Select to set up the Facebook Login product
  • Select web for the authentication
  • Enter http://localhost:3000 for the site URL

We are done with the Facebook application tutorial to add an application and set up a product.

  • Under Products > Facebook Login > Settings, set the valid OAuth redirect URIs to http://localhost:3000 and save changes
  • Under dashboard, you shoud now have your App ID and App Secret, they map to FACEBOOK_CLIENT_ID and FACEBOOK_CLIENT_SECRET environment variables respectively.

Now we can generate nd then test the api

  • Generate the project
  • In the api folder, install the application and then start it passing the emvironment variables, something like DEBUG=gdt:loopback:authentication FACEBOOK_CLIENT_ID=******* FACEBOOK_CLIENT_SECRET=******* npm start
  • Navigate to http://localhost:3000/auth/facebook and accept to link the application

You should get a json containing the access token. You can now use the access token to connect to the API endpoint using its value in an Authorization header.

Troubleshooting

DEBUG=gdt:loopback:authentication npm start