feat: authentication improvements

server/modules/authentication/oidc/authentication.js

@@ -0,0 +1,35 @@
+const _ = require('lodash')
+
+/* global WIKI */
+
+// ------------------------------------
+// OpenID Connect Account
+// ------------------------------------
+
+const OpenIDConnectStrategy = require('passport-openidconnect').Strategy
+
+module.exports = {
+  init (passport, conf) {
+    passport.use('oidc',
+      new OpenIDConnectStrategy({
+        authorizationURL: conf.authorizationURL,
+        tokenURL: conf.tokenURL,
+        clientID: conf.clientId,
+        clientSecret: conf.clientSecret,
+        issuer: conf.issuer,
+        callbackURL: conf.callbackURL
+      }, (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) => {
+        WIKI.models.users.processProfile({
+          id: jwtClaims.sub,
+          provider: 'oidc',
+          email: _.get(jwtClaims, conf.emailClaim),
+          name: _.get(jwtClaims, conf.usernameClaim)
+        }).then((user) => {
+          return cb(null, user) || true
+        }).catch((err) => {
+          return cb(err, null) || true
+        })
+      })
+    )
+  }
+}

server/modules/authentication/oidc/definition.yml

@@ -0,0 +1,16 @@
+key: oidc
+title: Generic OpenID Connect
+description: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
+author: requarks.io
+logo: https://static.requarks.io/logo/oidc.svg
+website: http://openid.net/connect/
+useForm: false
+props:
+  clientId: String
+  clientSecret: String
+  authorizationURL: String
+  tokenURL: String
+  issuer: String
+  userInfoUrl: String
+  emailClaim: String
+  usernameClaim: String