Node.js implementation for the OAuth2-based authentification process of the o2r web api.
This project includes a
Dockerfile which can be built and run with
docker build -t bouncer . docker run --rm -it -e DEBUG=* bouncer
Available environment variables
Define on which Port muncher should listen. Defaults to
Location for the mongo db. Defaults to
mongodb://localhost/. You will very likely need to change this.
Which database inside the mongo db should be used. Defaults to
What is the user level given to a new user upon registration? Defaults to
Authorization URL for the ORCID OAuth2 API. Defaults to
Token URL for the ORCID OAuth2 API. Defaults to
Scope for the ORCID API. Defaults to
The client ID for your instance.
The client secret for your instance.
HTTP(S) Proxy used for the OAuth process. This will be needed if your server is behind a proxy/firewall.
Authentication token for a bot app on Slack. See section Slack bot.
Token provided by Slack for interactive messages and events, to be used to verify that requests are actually coming from Slack.
Channel to post status messages to, defaults to
Channel to post messages on user events, defaults to
A regex to check Slack usernames, which are allowed to react to interactive messages. Defaults to
.*and the created regex is always case _in_sensitive. To allow specific users only, use e.g.
\\b(claerbout|peng|stodden)\\b(case insensitive match of full words
Use these parameters to configure testing of the OAuth configuration at startup by requesting the configured scope (default:
/read-public), both variables default to
Used exit codes
1Maximum attempts to connect to MondoDB reached
4OAuth credentials configuration missing
5OAuth startup test failed
Generating the client ID & secret
See the ORCID documentation on accessing the public API and signing-in with ORCID iD. As a redirect URI you need to set the path
/api/v1/auth/login, relative to your base URL. We highly recommend using
https. The client ID & secret then need to be provided as environment variables or directly saved to the
The bot needs the permissions to join channels and post to them.
Add the following scopes to the app in the section "OAuth & Permissions" in the bot's apps page.
While adding the app to your Slack organisation, make sure to allow the bot to post the the desired channel.
In the o2r bot app's configuration page for Interactive Messages on Slack, enter the following endpoints:
- Request URL: https://o2r.uni-muenster.de/api/v1/auth/slack/action
- Options Load URL: (currently not used!) https://o2r.uni-muenster.de/api/v1/auth/slack/options-load
Local bot development
Start ngrok with
ngrok http 8083 and enter the public endpoint pointing to your local server at https://api.slack.com/apps/A6J6CDLQK/interactive-messages. ngrok also has a useful web interface at http://127.0.0.1:4040/inspect/http on all incoming requests.
You must provide the required settings as environment variables, either at start time or via the debug configuration of your IDE.
To start bouncer with the required environment replace the respective settings with the actual values (check your ORCID iD page) and execute the following command.
DEBUG=* OAUTH_CLIENT_ID=clientid OAUTH_CLIENT_SECRET=secret SLACK_VERIFICATION_TOKEN=token SLACK_BOT_TOKEN=xoxb-token npm start
o2r bouncer is licensed under Apache License, Version 2.0, see file LICENSE.
Copyright (C) 2016 - o2r project.