Public | Automated Build

Last pushed: a year ago
Short Description
Short description is empty for this repo.
Full Description

Secure Data Portal for community-based organizations (CBO's)

Overview

The authorization sequence begins when your application redirects a browser to a CBO api URL; the URL includes query parameters that indicate the type of access being requested. As in other scenarios, CBO api server handles user authentication, session selection, and user consent. The result is an authorization code, which api returns to your application in a query string.

After receiving the authorization code, your application can exchange the code (along with a client ID and client secret) for an access token and, in some cases, a refresh token.

Node.js client library for Oauth2.

The URL used when authenticating a user ishttp://<domain>:<port>/api/oauth2/authorize.

Requirements

You need to have installed Node.js and MongoDB

Installation

To install dependencies enter project folder and run following command:

$ npm install

Install the client library using git:

$ git clone https://github.com/PSESD/CBO-Portal-Auth.git
$ cd CBO-Portal-Auth
$ npm install

Getting started

The following examples configuration in JSON format.

Install in your app src directory, and add/edit the default config file.

$ mkdir src/config
$ vi src/config/development.json

{
  "host": "<domain>",
  "token": {
    "expires_in": 3600
  },
  "db": {
    "mongo": {
      "host": "<mongodb host>",
      "name": "<mongodb name>"
    }
  },
  "session": {
    "secret" : "<secret>",
    "saveUninitialized": true,
    "resave": true
  },
  /**
   * Cross Domain Setting
   */
  "cross": {
    "enable": true,
    "allow_origin" : null, // default: "*",
    "allow_headers" : null// default: Origin, X-Requested-With, Content-Type, Accept
  },
  "salt": "<salt>",
  /**
   * Logger
   */
  "rollbar": {
    "access_token" : "<rollbar token>"
  }
}

Edit config overrides for production deployment:

$ vi src/config/production.json

{
      "host": "<domain>",
      "token": {
        "expires_in": 3600
      },
      "db": {
        "mongo": {
          "host": "<mongodb host>",
          "name": "<mongodb name>"
        }
      },
      "session": {
        "secret" : "<secret>",
        "saveUninitialized": true,
        "resave": true
      },
      /**
       * Cross Domain Setting
       */
      "cross": {
        "enable": true,
        "allow_origin" : null, // default: "*",
        "allow_headers" : null// default: Origin, X-Requested-With, Content-Type, Accept
      },
      "salt": "<salt>",
      /**
       * Logger
       */
      "rollbar": {
        "access_token" : "<rollbar token>"
      }
    }

Use configs in your code:

var config = require('./lib/utils').config();
...
var dbConfig = config.get('db.mongo.host');
db.connect(dbConfig, ...);

if (config.has('salt')) {
  var salt = config.get('salt');
  ...
}

config.get() will throw an exception for undefined keys to help catch typos and missing values.
Use config.has() to test if a configuration value is defined.

Start your app server:

Run server:

$ cd src && npm start

Run server with environment test:

$ cd src && npm test

Run Unit Test:

$ cd src && mocha

Configurations

CBO OAuth2 accepts an object with the following valid params.

  • client_id - Required registered Client ID.
  • redirect_uri - One of the redirect URIs.
  • grant_type - Defined in the OAuth 2.0 specification, this field must contain a value of authorization_code.

Contributing

Fork the repo on github and send a pull requests with topic branches. Do not forget to
provide specs to your contribution.

Running specs

  • Fork and clone the repository (dev branch).
  • Run npm install for dependencies.
  • Run npm start to start server.
  • Run npm test to start server with env test.

Tools used

httpie - command line HTTP client

Make Requests

Register a new user

$ http POST http://localhost:3000/api/users email=test password=your_password last_name=your_last_name

User add a new client

$ http -a test:your_password POST http://localhost:3000/api/clients client_id=client name=client redirect_uri=http://localhost:3000

User get authorised page

$ http -a test:your_password GET http://localhost:3000/api/oauth2/authorize client_id==client response_type==code redirect_uri==http://localhost:3000

User should be able to authorise an access code

$ http -a test:your_password -f POST http://localhost:3000/api/oauth2/authorize transaction_id=<transaction_id>

Use access code to get a token

$ http -a <clientKey>:<secretKey> -f POST http://localhost:3000/api/oauth2/token code=<accessCode> grant_type=authorization_code redirect_uri=http://localhost:3000
Response:
{
    "access_token": "o1K60GNC2OiN9K67IUi9wpxj93Swr3NJ4lOgtC3N9iSJDHs14ue9dOcyzoA8tsf2aY6O11tc9ncEJItQ43ABPyunO6fDBNrPIRYz6JPCjv5l9qBiPrX9n8FIlPfzvYxED5wJRrx37jkn16ItOgK520cL0fZwShW23QsmdNA1m3wQRao8pxFDqhlVkqvcEWuqidgmD6GA7r90CjomgInREnIjVViMB6dkYVhcprKKvP8amZtGnT8st29ZtvgDH3Qh",
    "refresh_token": "DposMi6lpOVyrZirrjGjPMRyiXeXvWy7PlrtMS5G4aUyJtCNMNzAfnCxZiNI5uxO4h7xYPGzsuf2smVMBDKvDRy9ce4Iu2X8aumhyFPf0BC8cF9WmoOJ4dBDId4ybtBOCrNj7VYMPB6kf0MAht06ZhD5wzJi9gY3B7zq01Bq4qfKonasH1ObjggNNZcptVpYJiwiwyWSsJVowR0T64rg9fkm6qAFirpoGVj5cOm0CZd2kc1QcuJqXX60lteVYk4b",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Use refresh token to get a token

$ http -a client:secret -f POST http://localhost:3000/api/oauth2/token grant_type=refresh_token refresh_token=<refresh_token>
Response:
{ 
   access_token: 'yjqVyVCSdTZwpqousI61znj4cvKl3JxMWVGkXGJtOdmngjvLMTGfqKDNSj6t8ANFNv0rQXw5c8epJRtU10iqY0im8cHyBLaGDCkXrbjoC0JZjKL9qRYPmqkr1SKybwkhVvYNJaNHjwPD4QPbzIPyPNBXmonifZPbIAEqfBiWheofl5fGLMZ2CCdi9NGx7CAuhWYUKPLwaNkiHql4OUHiTeSY5m2sU2LBrlHZyroAnz4IglJLvcS5ns4UGIsXCLno',
  refresh_token: 'Wp7kxGgZpGykAmvtQK54r0vYjsrvwE9UaeUV5pVXtB6uUGKbvuOPzkd2t6LZHZoJqCAmycR658FMe4BCPCqKhebJ6UG1jhFz8AqBcggqd4x9oR8KwdUjCHgYzrFfjJKflS80ytOJHonRN4Dhnp9vkg73E8aNqTVdR8Qfz8pstIeUXO7nUE9VzDE9gnJOBeinZAV0BcMyi7kED8tPxkVQTwitdL1zCJlgCPYxu1gaKMce2dXXlFoeSvBkwGBdglr4',
  expires_in: 3600,
  token_type: 'Bearer'
}

For application, we can use client credentials to request a token:

Client Credentials to get a token

Here I'll show how to test Authorization Server with the grant type of Client Credentials.
References from the RFC:
Client Credentials
Client Credentials Grant

$ http -a <clientKey>:<secretKey> -f POST http://localhost:3000/api/oauth2/token grant_type=client_credentials
Response:
{
    "access_token": "3AF0u9-45VsWqALaaY7TomzW6zbU17Bl0J.2s5D62pd406yX8IF9zzt5vIoFWL3EGhKQgBO", 
    "token_type": "Bearer"
}

Use access token to get a user api end point

$ http GET http://localhost:4000/organizations x-cbo-client-url:http://<organizationUri> authorization:"Bearer <access_token>"
Response:
{
    "_links": {
        "self": {
            "href": "/organizations"
        }
    }, 
    "data": [
        {
            "__v": 0, 
            "_id": "<organizationId>", 
            "addresses": [
                {
                    "_id": "<addressId>", 
                    "address_line": "<address_line>", 
                    "address_type": "<address_type>", 
                    "city": "<city>", 
                    "country": "<country>", 
                    "location": {
                        "accuracy": "<accuracy>", 
                        "latitude": <latitude>, 
                        "longitude": <longitude>
                    }, 
                    "state": "<state>", 
                    "venue": "<venue>", 
                    "zip": "<zip>"
                }
            ], 
            "authorizedEntityId": 2, 
            "created": "2016-03-04T08:58:32.457Z", 
            "description": null, 
            "externalServiceId": 5, 
            "last_updated": "2016-03-04T08:58:32.457Z", 
            "name": "Organization Name", 
            "personnelId": null, 
            "url": "<organizationUri>", 
            "website": "<organizationUri>"
        }
    ], 
    "success": true, 
    "total": 1
}

Coding guidelines

Follow github guidelines.

Feedback

Use the issue tracker for bugs.
Mail us
for any idea that can improve the project.

Links

Authors


Contributors

Special thanks to the following people for submitting patches.

Changelog

See CHANGELOG

Copyright

Copyright (c) 2015

This project is released under the MIT License.

Docker Pull Command
Owner
upwardstech
Source Repository

Comments (0)