User authentication and OAuth application authentication with Node.js
node-auth-server
An authorization server implemented in Node.
References
- ref1: here
- ref2: here
- ref3: here here
Source code
- github
Getting started
Install MongoDB (Mac)
# install
brew install mongodb
# mongoDB auto start
ln -sfv /usr/local/opt/mongodb/*.plist ~/Library/LaunchAgents
launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mongodb.plist
Install MongoDB on Linux with yum.
- Create the repository file:
[mongodb]
name=MongoDB Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
gpgcheck=0
enabled=1
Note that gpgcheck=0 disables GPG signature verification of packages from this repository, and the baseurl is plain http rather than https.
- Install and run:
sudo yum install -y mongodb-org
sudo chkconfig mongod on
sudo service mongod start
Install Node (Mac) (if not already installed)
brew install node
npm install -g n
n stable
Install Node (Linux) (if not already installed)
yum install nodejs npm --enablerepo=epel
npm install -g n
n stable
Install global Node modules
npm install -g node-inspector gulp nodemon pm2
How to debug the application
git clone ...
cd node-auth-server
npm install
gulp
How to run the application
export NODE_ENV=production
pm2 start server.js --name="node-auth-server" --watch
Features
- User authentication by id/password
- Basic authentication / form authentication
- Application authorization by client id / client secret
- OAuth 2.0 authorization code grant flow
- Management page for users, roles, clients and so on
Tutorial
First, set things up from the admin view.
- Open http://localhost:9999/
Default user
username: admin
password: admin
The default user is defined in config/*.json. Change this default password before exposing the server to anyone else.

Register a client
- To register an OAuth2 client, select 'Manage Client' from the menu first.

- Click the add button.

- Register the client.
Set the domain (redirect URL) to the hostname the server should call back to after authorization.

- After the client is registered, the application secret is shown. Note it down; you need it for the OAuth connection.

Get an OAuth code
- After registering the client, you can get an access token through the web API.
First, you have to get an OAuth2 code.
Open a browser and enter the following URL:
http://localhost:9999/api/oauth2/authorize?client_id=example&response_type=code&redirect_uri=http://localhost:9999&scope=username role fullName email phone image
- The authorization page opens; click 'approve and continue'.

- Look at the URL bar in your browser.
The URL includes the OAuth code, like http://localhost:9999/code=mf7IOpFpY8kb6g5B
Note the code.
Exchange the OAuth code for an access token
- Open Postman.
url: /api/oauth2/token
method: POST
header:
Authorization: Basic [base64 of 'clientid:clientsecret']
body:
code: mf7IOpFpY8kb6g5B (the OAuth code you noted earlier)
grant_type: authorization_code


- If the request succeeds, the access token is returned as JSON.

Note that an OAuth code can be used only once.
If you want to try again, go back to the browser and get a new OAuth code.
Get profile information with the access token
url: /api/profile
method: GET
header:
Authorization: Bearer [access token]

Grant types
Authorization code
- See the tutorial.
Resource owner password credentials
Exchange a username and password for an access token.
url: /api/oauth2/token
method: POST
header:
Authorization: Basic [base64 of 'clientid:clientsecret']
body:
grant_type: password
username: user id
password: user password
scope: scopes


Client credentials
Exchange client_id/client_secret for an access token.
url: /api/oauth2/token
method: POST
header:
Authorization: Basic [base64 of 'clientid:clientsecret']
body:
grant_type: client_credentials
scope: username,role,fullName,email,phone
Refresh token
url: /api/oauth2/token
method: POST
header:
Authorization: Basic [base64 of 'clientid:clientsecret']
body:
grant_type: refresh_token
refresh_token: refresh token

APIs
Add a user
url: /api/users
method: POST
header:
Authorization: Bearer [access token]
body:
username: user id
password: user password
fullName: user full name
roles: user roles(Array)
Add a client
url: /api/clients
method: POST
header:
Authorization: Bearer [access token]
body:
name: client (application) name
id: client (application) id
domain: client (application) domain, e.g. hostname