feat: Generic OAuth2 authentication implementation (#3094)
* OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code
This commit is contained in:
parent
813df21020
commit
87084c66b0
54
server/modules/authentication/oauth2/authentication.js
Normal file
54
server/modules/authentication/oauth2/authentication.js
Normal file
@ -0,0 +1,54 @@
|
||||
const _ = require('lodash')
|
||||
|
||||
/* global WIKI */
|
||||
|
||||
// ------------------------------------
|
||||
// OAuth2 Connect Account
|
||||
// ------------------------------------
|
||||
|
||||
const OAuth2Strategy = require('passport-oauth2').Strategy
|
||||
|
||||
module.exports = {
|
||||
init (passport, conf) {
|
||||
var client = new OAuth2Strategy({
|
||||
authorizationURL: conf.authorizationURL,
|
||||
tokenURL: conf.tokenURL,
|
||||
clientID: conf.clientId,
|
||||
clientSecret: conf.clientSecret,
|
||||
userInfoURL: conf.userInfoURL,
|
||||
callbackURL: conf.callbackURL,
|
||||
passReqToCallback: true,
|
||||
}, async (req, accessToken, refreshToken, profile, cb) => {
|
||||
try {
|
||||
const user = await WIKI.models.users.processProfile({
|
||||
providerKey: req.params.strategy,
|
||||
profile: {
|
||||
...profile,
|
||||
id: _.get(profile, conf.userId),
|
||||
displayName: _.get(profile, conf.displayName, ''),
|
||||
email: _.get(profile, conf.emailClaim)
|
||||
}
|
||||
})
|
||||
cb(null, user)
|
||||
} catch (err) {
|
||||
cb(err, null)
|
||||
}
|
||||
})
|
||||
|
||||
client.userProfile = function (accesstoken, done) {
|
||||
this._oauth2._useAuthorizationHeaderForGET = true;
|
||||
this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {
|
||||
if (err) {
|
||||
return done(err)
|
||||
}
|
||||
try {
|
||||
data = JSON.parse(data)
|
||||
} catch(e) {
|
||||
return done(e)
|
||||
}
|
||||
done(null, data)
|
||||
})
|
||||
}
|
||||
passport.use('oauth2', client)
|
||||
}
|
||||
}
|
55
server/modules/authentication/oauth2/definition.yml
Normal file
55
server/modules/authentication/oauth2/definition.yml
Normal file
@ -0,0 +1,55 @@
|
||||
key: oauth2
|
||||
title: OAuth2
|
||||
description: OAuth 2.0 protocol.
|
||||
author: requarks.io
|
||||
logo: https://static.requarks.io/logo/oauth2.svg
|
||||
color: blue-grey darken-2
|
||||
website: https://oauth.net/2/
|
||||
isAvailable: true
|
||||
useForm: false
|
||||
props:
|
||||
clientId:
|
||||
type: String
|
||||
title: Client ID
|
||||
hint: Application Client ID
|
||||
order: 1
|
||||
clientSecret:
|
||||
type: String
|
||||
title: Client Secret
|
||||
hint: Application Client Secret
|
||||
order: 2
|
||||
authorizationURL:
|
||||
type: String
|
||||
title: Authorization Endpoint URL
|
||||
hint: Application Authorization Endpoint URL
|
||||
order: 3
|
||||
tokenURL:
|
||||
type: String
|
||||
title: Token Endpoint URL
|
||||
hint: Application Token Endpoint URL
|
||||
order: 4
|
||||
userInfoURL:
|
||||
type: String
|
||||
title: User Info Endpoint URL
|
||||
hint: User Info Endpoint URL
|
||||
order: 5
|
||||
userId:
|
||||
type: String
|
||||
title: ID
|
||||
hint: User ID
|
||||
default: id
|
||||
order: 6
|
||||
displayName:
|
||||
type: String
|
||||
title: Display Name
|
||||
hint: Field containing display name
|
||||
default: displayName
|
||||
maxWidth: 500
|
||||
order: 7
|
||||
emailClaim:
|
||||
type: String
|
||||
title: Email Claim
|
||||
hint: Field containing the email address
|
||||
default: email
|
||||
maxWidth: 500
|
||||
order: 8
|
Loading…
Reference in New Issue
Block a user