SailsJs Authentication With sails-generate-auth + PassportJs + WSO2 Identity Server

// install sails.js from http://sailsjs.org/#/getStarted

# Create a new Sails application and work inside it.
sails generate new MySails
cd MySails/

# Install the auth generator, then run its "auth" generator.
npm install sails-generate-auth
sails generate auth
# NOTE(review): "#master" is a moving branch ref, so the code that gets installed
# can differ from one install to the next. Prefer pinning to a commit you have
# reviewed: ...passport-wso2.git#<reviewed-commit-sha> (placeholder, not a real id).
npm install git+https://github.com/jasonsims/passport-wso2.git#master
# Remaining packages installed for this walkthrough.
npm install passport
npm install bcryptjs
npm install validator
npm install sails-generate
npm install passport-twitter
npm install passport-github

subl api/controllers/MyController.js

/**
 * Demo action used later in the walkthrough to check that the login
 * redirect works: it only sends a fixed greeting.
 *
 * @param {Object} req - incoming request (unused).
 * @param {Object} res - response; only `res.send` is called.
 * @returns {*} whatever `res.send` returns.
 */
function hi(req, res) {
  var greeting = "Hi there!";
  return res.send(greeting);
}

module.exports = {
  hi: hi
};

subl config/passport.js

// delete other strategies and add the following

// Strategy entry for config/passport.js: OAuth2 against the WSO2 Identity
// Server endpoints on https://localhost:9444.
wso2: {
  name: 'wso2',
  protocol: 'oauth2',
  strategy: require('passport-wso2').Strategy,
  options: {
    authorizationURL:"https://localhost:9444/oauth2/authorize",
    tokenURL:"https://localhost:9444/oauth2/token",
    // Left empty here; filled in later, once the service provider is registered.
    // NOTE(review): clientSecret is a credential. Keep the filled-in file out of
    // version control, or read the value from the environment instead.
    clientID: '',
    clientSecret: '',
    // Plain-http callback: the authorization response travels unencrypted.
    // NOTE(review): tolerable on localhost only; use https for any other host.
    callbackURL: 'http://localhost:1337/auth/wso2/callback',
    userProfileURL:'https://localhost:9444/oauth2/userinfo?schema=openid',
    // Only the 'openid' scope is requested.
    scope:'openid'

  }
}

subl config/bootstrap.js

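/**
 * Sails bootstrap hook (config/bootstrap.js): loads the Passport strategies,
 * then hands control back to Sails.
 *
 * @param {Function} cb - Sails bootstrap callback; called last, once the
 *   strategies are loaded.
 */
module.exports.bootstrap = function (cb) {
  // Workaround for "Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE" raised when the
  // Identity Server's certificate cannot be verified.
  // WARNING: this switches off certificate verification for EVERY outbound TLS
  // connection made by this process, not only the calls to the Identity Server,
  // so it is limited to non-production runs here. The safer fix is to make Node
  // trust the Identity Server's certificate (e.g. NODE_EXTRA_CA_CERTS set when
  // the process is started) and drop this line altogether.
  if (process.env.NODE_ENV !== 'production') {
    process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
  }

  sails.services.passport.loadStrategies();

  // Signal completion only after the work above is done.
  cb();
};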

subl config/policies.js

// Default policy: run api/policies/passport.js in front of every controller action.
'*': [ 'passport' ]

subl config/routes.js

// Route table for config/routes.js.
module.exports.routes = {
  // Login, logout and registration actions of AuthController.
  'get /login': 'AuthController.login',
  'get /logout': 'AuthController.logout',
  'get /register': 'AuthController.register',

  // Local-account form posts.
  'post /auth/local': 'AuthController.callback',
  'post /auth/local/:action': 'AuthController.callback',

  // Provider hand-off and its callback; for this walkthrough :provider is
  // 'wso2', matching the callbackURL /auth/wso2/callback configured above.
  'get /auth/:provider': 'AuthController.provider',
  'get /auth/:provider/callback': 'AuthController.callback',

  // Demo action used to check that unauthenticated visitors are sent to /login.
  'get /hi': 'MyController.hi',

  // Root URL renders the homepage view.
  '/': {
    view: 'homepage'
  }
};

subl api/policies/passport.js

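/**
 * Sails policy (api/policies/passport.js): runs Passport's initialize and
 * session middleware, then lets the request through only if it targets the
 * auth controller or already carries a logged-in user. Everything else is
 * redirected to /login.
 *
 * `passport` is not declared in this file; it is expected to be available as a
 * global at request time.
 *
 * @param {Object} req - request; reads `req.options.controller` and `req.user`.
 * @param {Object} res - response; sets `res.locals.user`, may redirect.
 * @param {Function} next - continues to the next policy / the action.
 */
module.exports = function (req, res, next) {
  passport.initialize()(req, res, function () {
    passport.session()(req, res, function () {
      // Make the current user (or undefined) available to views.
      res.locals.user = req.user;

      // Exact match on purpose: a substring test such as indexOf('auth') would
      // also exempt any controller whose name merely contains "auth"
      // (e.g. "author"), letting it skip the login check.
      // NOTE(review): assumes the generated AuthController is reported as
      // 'auth' in req.options.controller; confirm for your Sails version.
      var controller = req.options && req.options.controller;
      var isAuthController = controller === 'auth';

      if (isAuthController || req.user) {
        return next();
      }

      return res.redirect('/login');
    });
  });
};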

// login to https://localhost:9444/carbon/
// Main -> Identity -> Service Provider -> Add

// Service Provider Name:wso2

// Inbound Authentication Configuration -> OAuth/OpenID Connect Configuration -> Configure

// Callback Url: http://localhost:1337/auth/wso2/callback

// press Add Button

// copy values of OAuth Client Key and OAuth Client Secret to config/passport.js

// The key and secret below are the page's sample values (presumably from the
// author's own local Identity Server); use the pair generated for your service provider.
// NOTE(review): a real clientSecret should not be committed or published. Keep
// this file out of version control or read the value from the environment.
wso2:{
...
clientID: 'lgfG8KI6GTYz0GSHfFv8W9N6264a',
clientSecret: 'WjFfYGB9GgqV0FBjWFmKjtyWLCMa',
...

subl node_modules/passport-wso2/lib/profile.js

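/**
 * Maps the userinfo JSON returned by the Identity Server to a Passport-style
 * profile object.
 *
 * This replaces the parser shipped in passport-wso2/lib/profile.js, which read
 * _json.id, _json.name.givenName / familyName, _json.userName,
 * _parseEmails(_json) and _json.groups. Because the file lives under
 * node_modules, reinstalling the package will discard this edit.
 *
 * NOTE(review): `preferred_username` is used as the profile id. OpenID Connect
 * defines `sub` as the stable subject identifier, while a preferred username
 * can change or be reused, so confirm this is acceptable before keying local
 * accounts on it.
 *
 * @param {Object} json - parsed userinfo response; reads preferred_username,
 *   name, given_name, family_name and email.
 * @returns {Object} profile with id, name, displayName, userName and emails.
 */
exports.parse = function (json) {
  var claims = json;

  // Join only the name parts that are present, so a response without
  // given_name / family_name no longer yields the text "undefined undefined".
  var nameParts = [claims.given_name, claims.family_name].filter(Boolean);

  return {
    id: claims.preferred_username,
    name: claims.name,
    displayName: nameParts.join(' '),
    userName: claims.name,
    // Always exactly one entry, even when the email claim is absent, so code
    // that reads emails[0].value keeps working.
    emails: [{ value: claims.email, primary: true }]
  };
};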

sails lift

// in firefox, go to http://localhost:1337/hi
// you will see a login page; select wso2 and you will be redirected to http://localhost:1337/auth/wso2 and then you should be redirected to https://localhost:9444/authenticationendpoint/login.do

// enter admin and admin as username and password in login page, then you should see

// 'You are logged in as admin@carbon.super. wso2 requests access to your profile information '

// press Approve Button

// you will be redirected to http://localhost:1337/auth/wso2/callback to see the home page of the application

// enter http://localhost:1337/hi in firefox. now you can see it without redirecting to login page
