
Passport strategy for Atlassian Crowd

Primary LanguageJavaScriptMIT LicenseMIT

Passport strategies for Atlassian Crowd NPM Version Build Status

Passport strategies for Atlassian Crowd. There have been many but this module has the following features

  • Written in modern day Javascript/ECMAscript
  • Supports HTTP Basic authentication using username and password OR SSO token transparently
  • Supports HTTP Bearer authentication using Crowd session tokens as bearer tokens
  • Returns user data formatted as common format and protocol for accessing contacts
  • Optional fetching of user group membership


This module provides the following Passport strategies


Authenticates user based on Crowd credentials passed in as Basic HTTP authorization header or Crowd session cookie.


HTTP Bearer authentication works by first retrieving a token by using credentials and then using that token in further requests.


Used to authenticate using credentials and creating bearer token.


Used to authenticate using bearer token.


Importing modules

ES modules

import {BasicStrategy} from '@natlibfi/passport-atlassian-crowd';

Node.js require

const {BasicStrategy} = require('@natlibfi/passport-atlassian-crowd');

Basic strategy


import express from 'express';
import passport from 'passport';
import {BasicStrategy} from '@natlibfi/passport-atlassian-crowd';

const app = express();


passport.use(new BasicStrategy({
    url: CROWD_URL, appName: CROWD_APP_NAME, appPassword: CROWD_APP_PASSWORD

app.get('/foo', passport.authenticate('atlassian-crowd-basic', {session: false}));


The configuration is passed in to the class constructor in an object which supports the following properties:

  • url: Crowd service URL
  • appName Crowd application name
  • appPassword: Crowd application password
  • ssoCookie (Optional): Name of the SSO cookie. Defaults to crowd.token_key.
  • fetchGroupMembership (Optional): Boolean indicating whether to retrieve group membership or not. Defaults to false.

Bearer strategies


import express from 'express';
import passport from 'passport';
import {BearerCredentialsStrategy, BearerTokenStrategy} from '@natlibfi/passport-atlassian-crowd';

const app = express();


passport.use(new BearerCredentialsStrategy({
    url: CROWD_URL, appName: CROWD_APP_NAME, appPassword: CROWD_APP_PASSWORD

passport.use(new BearerTokenStrategy({
    url: CROWD_URL, appPassword: CROWD_APP_NAME, appPassword: CROWD_APP_PASSWORD

app.post('/auth', passport.authenticate('atlassian-crowd-bearer-credentials', {session: false}));
app.get('/foo', passport.authenticate('atlassian-crowd-bearer-token', {session: false}));


The configuration is passed in to the class constructor in an object which supports the following properties:


  • url: Crowd service URL
  • appName Crowd application name
  • appPassword: Crowd application password


  • url: Crowd service URL
  • appName Crowd application name
  • appPassword: Crowd application password
  • fetchGroupMembership (Optional): Boolean indicating whether to retrieve group membership or not. Defaults to false.
  • useCache (Optional): Boolean indicating whether to cache tokens and user information. Cache entries will only be removed when token expires. Defaults to false.

User data format

  id: '<name>',
  name: {
    givenName: '<first-name>',
	familyName: '<last-name>'
  displayName: '<display-name>',
  emails: [{value: '<payload.email>', type: 'work'}],
  organization: []

And with fetchGroupMembership set to true:

  id: '<name>',
  name: {
    givenName: '<first-name>',
	familyName: '<last-name>'
  displayName: '<display-name>',
  emails: [{value: '<payload.email>', type: 'work'}],
  organization: [],
  groups: [

License and copyright

Copyright (c) 2019 University Of Helsinki (The National Library Of Finland)

This project's source code is licensed under the terms of MIT license