This is a skeleton for an Aurelia client using spoonx/aurelia-auth for authorized access to a Strongloop loopback api server based on paul van bladel's aurelia-loopback-sample and aurelia-auth-sample. While being work in progress, any given release (should) work.
loopback-component-satellizer is used to handle third-party authorization on the server side.
Comments on aurelia or [spoonx/dev gitter] (https://gitter.im/SpoonX/Dev) and push requests welcome. ..
This version uses spoonx/aurelia-api and spoonx/aurelia-auth for authorized rest api access and has an admin role included.
git clone https://github.com/doktordirk/aurelia-auth-loopback-sample
cd aurelia-auth-loopback-sample
npm install
cd client
npm install
jspm install
Currently included is only facebook and google+, but twitter is also included in loopback-component-satellizer
You'll need a facebook developer account (developers.facebook.com). Add a new website app (skip quick start).
You'll find your facebook app credentials in Settings->Basic: App ID (which is public) and App Secret (which is private, so don't upload that one on github or alike). Set the website url there to eg http:/localhost. In Settings->Advanced in Client OAuth Settings->Valid OAuth redirect URIs add http:/localhost:4000. That's the default client address in this project.
Copy /server/component-config.local.json.bak to /server/component-config.local.json and add your facebook App Secret. Loopback applies *.local.json and *.local.js setting files after the default *.json or *.js. *.local.json and *.local.js are added to .gitignore as they should not be publicly uploaded.
Open /client/src/authConfig.js and add your public facebook clientId=App ID
Email verification after signup is enabled in server/model-config.json -> "user": { "options": {"emailVerificationRequired": true}}.
Currently included is gmail as email provider. Other options like sendMail are possible using Loopback components.
For loopback to send mails via gmail, you may (certainly) need to “Allow Less Secure Apps” in your gmail account. You also may need to “Allow access to your Google account”.
Copy /server/datasources.local.json.template to /server/datasources.local.json and add gmail username and password.
Copy /server/config.local.json.template to /server/config.local.json and set the admins email and password.
Currently the admin has nearly unlimited permission.
Install loopback-component-explorer with npm install loopback-component-explorer --save-dev to use the loopback api explorer (recommended, free registration needed).
Use npm install strongloop -g for the Strongloop suite (recommended).
In the root folder type:
npm start
This builds the aurelia-client and serves client and api. Open http://localhost:3000 to sign up or use the provided user email:user@example.com / password:none
/server
/common
A loopback api server with a user and a customer model with ACL.
user hasMany customers
customer belongsTo user
Unauthorized users only can list the customers. Authorized users additionally can manage their own customers. See the models in common/models. Users can signup & login with verified emails or third-party providers (facebook). After signup with email, a verification emails is send. Users can also request an email to reset their password.
A local file is used as database. Have a peek at mydata.json to gain some insight.
By default loopback uses session token for authorization.
/client
An aurelia client app with authorized pages for user profile and customer management and unauthorized pages for login, signup and customer listing.
More inforemation about the loopback server and the aurelia client code are in the ./doc folder.
Config settings are not used consitently.
- JWT / Switch to Passport
- Better scripts
- Email verification per pasting token
- Email templates
-
Aurelia Gitter chat
-
Spoonx/Dev Gitter Chat for aurelia-api/-auth/-notifications
-
Loopback Gitter Chat