auth-14

Works with auth-14-server as a client to manage user authentication and authorization on an express application.

Client

const express = require('express')
const Auth14 = require('auth-14')

const app = express()

const auth = new Auth14({
  appId: '<YourAppId>',
  appSecret: '<YourAppSecret>',
  providerUrl: 'https://auth.example.com',
  basePath: '/auth'
})

app.use(auth.serveLogin())

app.get('/public', (req, res) => res.send('Hello World! (public)'))

app.use(auth.requireAuthentication({
  ignoredPaths: [/^\/alsoPublic\//]
}))

app.get('/alsoPublic', (req, res) => res.send('Hello World! (alsoPublic)'))

app.get('/private', (req, res) => res.send(`Hello there ${req.user.firstName}!`))

app.listen(3000)

Do not serve auth14 from a subpath eg: app.use('/subpath', auth.serveLogin()). Rather, use the path config option new Auth14({... path: '/subpath/auth'}).

Access controls

Access controls can be implemented by modifying users' profiles. Each application defines what can be set on each of its user's profile and the auth-14 server UI will provide the right form for administrators.

Each user profile will then be available in express through req.user.profile and the application can then make grant/deny decisions based on the user's own profile.

Example

// call the following when the application starts
client.createProfileOptionIfNotExist({
  label: 'Terminal',
  key: 'terminal', // the profile object key. In this case, this will make req.user.profile.terminal available with the right option
  type: 'enum',
  multichoice: false, // optional. Defaults to false
})

// send data information to auth-14 so that admins have access to these
client.addProfileOptionValue('terminal', /*id*/ 123, /*label*/ 'Ouagadougou Container Terminal1')
client.addProfileOptionValue('terminal', /*id*/ 456, /*label*/ 'Ouagadougou Container Terminal2')


// by default, users will have access their profile set to the terminal which `id` is `123`
setProfileSettingDefaultOptionValue('terminal', /*id*/ 123)

API

client.createProfileOptionIfNotExist(opts)

Create a new option in the user profile. Auth14 administrators can then use that option to manage users.

client.createProfileOptionIfNotExist({
  id:string // unique identifier for this option
  label:string // the visible input name in Auth 14
  type:string // the data type of this entity. For now, only 'enum' is supported
  multichoice:boolean // Defaults to false. Whether a user can have multiple values selected of this option
})

client.deleteProfileOption(optionId:string)

Delete an existing profile option.

client.deleteProfileOption(optionId)

client.addProfileOptionValue(optionId, valueId, valueLabel)

Add a new available value to an option. If an option with the same ID already exists, it will throw an error.

client.addProfileOption(settingId:string, valueId:int, valueLabel:string)
// where valueId is a unique id within this option

client.removeProfileOptionValue(optionId, valueId)

Delete an existing profile option value. If a default value is set on the option, users will fallback to that default. You cannot delete an option value if it is the current default. You will need to explicitly delete or change the default option value prior to deleting it.

client.removeProfileOptionValue(optionId, valueId)

client.getProfileOption(optionId)

Returns a profile option and its list of available options.

client.getProfileOption(optionId)
// returns...
{
  label: 'Terminal',
  key: 'terminal',
  type: 'enum',
  multichoice: false,
  defaultValueId: 123,
  values: [{
    id: ...
  }]
}

client.setProfileOptionDefaultValue(optionId, valueId)

Set an option's default value. When setting it, any user that did not have the option set will have the default value set. Pass NULL as the valueId to remove the default option.

client.setProfileOptionDefaultValue(optionId, valueId)

TODO:

• redirect login on originally intended URL