The application I'm developing requires a lot of real-time processing, so we've decided to go with Node.js and use Express to build it rather than something like Laravel.

The issue that I'm having is authenticating the user, since we have an OAuth server (built on Lumen) to authenticate users and provide an API for the mobile application. This application will be reading / writing data on its own and will not really be using the API.

Is it therefore possible to authenticate the user through our OAuth (store the returned keys)? I'm looking for something similar to loginUsingId in Laravel.

passportjs.org might support with some background on how you can authenticate to specify the question a little.. – R. Gulbrandsen Feb 15 at 8:39
    
@R. Gulbrandsen Apologies, I'm not understanding "specify the question a little" ? I am aware of passportjs however does this support authenticating using your own API? – Phorce Feb 15 at 8:41
    
The user's bearer token will be available in the request object and can be validated with either passport or custom middleware before each request gets executed. Short answer to your question is 'yes'. If you have a look at passport or docs about middleware, it would be easier to help you with some code :) – R. Gulbrandsen Feb 15 at 8:44
    
serializeUser, deserializeUser and the strategy are used to configure passport – R. Gulbrandsen Feb 15 at 8:45
    
@R.Gulbrandsen Got it. Looks like I can just use a library such as this (github.com/jaredhanson/passport-oauth2) authenticate the user and login! Thanks, I didn't realise these were out there. – Phorce Feb 15 at 8:50
up vote 1 down vote accepted

From GitHub, for OAuth2 with Passport: https://github.com/jaredhanson/passport-oauth2

Configure the strategy

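const passport = require('passport');
const OAuth2Strategy = require('passport-oauth2');

// Register the OAuth2 strategy; passport refers to it by the name 'oauth2'.
passport.use(new OAuth2Strategy({
    authorizationURL: 'https://www.example.com/oauth2/authorize',
    tokenURL: 'https://www.example.com/oauth2/token',
    clientID: EXAMPLE_CLIENT_ID,
    clientSecret: EXAMPLE_CLIENT_SECRET,
    callbackURL: "http://localhost:3000/auth/example/callback"
  },
  // Verify callback: map the authenticated profile to a local user record.
  function(accessToken, refreshToken, profile, cb) {
    User.findOrCreate({ exampleId: profile.id }, function (err, user) {
      return cb(err, user);
    });
  }
));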

Now you can authenticate the endpoints either on a global scope

app.use(passport.authenticate('oauth2'));

or on a route specific location

app.get('/auth/example',
  passport.authenticate('oauth2'),
  function(req, res) {
    // Your code here
  });
    
sorry but I've just thought - how will I be able to pass the username/password using this library? The oauth server I'm using is through an API and therefore it doesn't have the authorise stuff – Phorce Feb 15 at 20:00
    
it should be returned when the application asks the oauth2 server to validate a token. – R. Gulbrandsen Feb 15 at 20:09
    
@R Gulbrandsen - thanks for the reply. We don't have /oauth/authorize/ for anything to be returned so I'm struggling to understand how it will return it with the API... In prior systems we just use /oauth/token passing in username/password this then gives us a token providing the username/password is ok – Phorce Feb 15 at 20:15
    
when your express app sends the token to the oauth server and it is a valid token, the oauth should return the user information. How to create your own oauth server is a bit of a large question for me to answer in a comment here. So please be specific with your questions :) – R. Gulbrandsen Feb 15 at 20:59
    
The point I'm trying to make is the fact that our OAuth server does not have /oauth2/authorize/ in it, so therefore I cannot use this package. I'm using passport-oauth2-password-grant, which works fine; however, I am unable to retrieve the 'profile' because I only get a token and a refresh token. Therefore, should I get the token back and then call the API to get the user? – Phorce Feb 16 at 11:22
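
The flow raised in the last comment (password grant against /oauth/token, then a second call with the bearer token to load the user), as an added example that is not code from the thread or from the libraries it mentions. The host name, the `profileURL` route, the response field names and the `fakeOAuthServer` stand-in are assumptions made so the block runs offline on Node 18+.

```javascript
// Assumed endpoints: the thread only names /oauth/token; profileURL is hypothetical.
const config = {
  tokenURL: 'https://oauth.example.com/oauth/token',
  profileURL: 'https://oauth.example.com/api/user',
  clientID: 'EXAMPLE_CLIENT_ID',
  clientSecret: 'EXAMPLE_CLIENT_SECRET',
};

// Exchange username/password for tokens, then load the user with the bearer token.
async function passwordGrantLogin(username, password, cfg = config, fetchImpl = fetch) {
  const tokenRes = await fetchImpl(cfg.tokenURL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
    body: new URLSearchParams({
      grant_type: 'password', username, password,
      client_id: cfg.clientID, client_secret: cfg.clientSecret,
    }).toString(),
  });
  // Fail closed: a non-2xx reply or a missing token means no login.
  if (!tokenRes.ok) throw new Error(`token request rejected (${tokenRes.status})`);
  const token = await tokenRes.json();
  if (!token.access_token) throw new Error('token response had no access_token');

  const profileRes = await fetchImpl(cfg.profileURL, {
    headers: { Authorization: `Bearer ${token.access_token}`, Accept: 'application/json' },
  });
  if (!profileRes.ok) throw new Error(`profile request rejected (${profileRes.status})`);
  const profile = await profileRes.json();
  // Keep tokens server-side (session store); the password is never stored or returned.
  return { user: { id: profile.id, name: profile.name },
           accessToken: token.access_token, refreshToken: token.refresh_token };
}

// Constructed stand-in for the OAuth server so the example runs offline.
function fakeOAuthServer(url, opts = {}) {
  const reply = (status, body) =>
    Promise.resolve({ ok: status < 300, status, json: async () => body });
  if (url === config.tokenURL) {
    const form = new URLSearchParams(opts.body);
    const valid = form.get('grant_type') === 'password' &&
      form.get('username') === 'alice' && form.get('password') === 'correct-horse';
    return valid
      ? reply(200, { access_token: 'tok-123', refresh_token: 'ref-456' })
      : reply(401, { error: 'invalid_grant' });
  }
  const authed = (opts.headers || {}).Authorization === 'Bearer tok-123';
  return authed ? reply(200, { id: 42, name: 'Alice' }) : reply(401, {});
}
```

In an Express login route, call `passwordGrantLogin(req.body.username, req.body.password)` over HTTPS and hand the returned `user` to `req.login(user, cb)` so Passport's `serializeUser` stores it in the session.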
