/even-more-passport

How might I integrate Passport with access control and authentication?

Primary LanguageJavaScriptMIT LicenseMIT

Authentication and Authorization

This is a Sails example application to demonstrate authentication and authorization using Passport.js. This explains how a user can authenticate with a username and password. And also explains API authentication using bearer tokens.


Let us start by seeing things working! Clone this repo, install all the required modules and lift the app:

git clone https://github.com/sails101/even-more-passport.git
cd sails-auth-example
npm install
sails lift

I've added two controller actions: flash/home and flash/remotehome.

http://localhost:1337/flash/home cannot be accessed without logging in. You will be redirected to login page (http://localhost:1337/login). You can register for a new account at http://localhost:1337/register.

http://localhost:1337/flash/remotehome cannot be accessed without an API token. Hope you have already obtained your API token from flash/home. This should be present in the request in any of the following ways:

  1. As a query param: Example: http://localhost:1337/flash/remotehome?access_token=
  2. In the body: Example: access_token: <token>
  3. In the header: Example: Authorization: Bearer <token>

I am going to explain the step by step procedure for integrating Passport to your Sails app using a passport.js-based authentication generator called sails-generate-auth

Steps

Step 1. Install the following npm modules:

npm install sails-generate-auth --save
npm install passport-local --save
npm install passport --save
npm install bcryptjs --save
npm install validator --save

passport-local module is for local authentication strategy. passport, bcryptjs and validator and dependencies for passport and sails-generate-auth

Step 2. Now, all you have to do to integrate passport is to run the following command in your application:

sails generate auth

It automatically generates all the files needed by passport.

Step 3. Add the following routes to config/routes.rb

'get /login': 'AuthController.login',
'get /logout': 'AuthController.logout',
'get /register': 'AuthController.register',

'post /auth/local': 'AuthController.callback',
'post /auth/local/:action': 'AuthController.callback',

'get /auth/:provider': 'AuthController.provider',
'get /auth/:provider/callback': 'AuthController.callback',
'get /auth/:provider/:action': 'AuthController.callback',

Step 4. Next, change your config/bootstrap.js to load your Passport providers on startup by adding the following line:

sails.services.passport.loadStrategies();

You can see a detailed explanation of the steps until this in sails-generate-auth page.

Step 5. Modify config/sessionAuth.js to set the policy for controller actions:

module.exports = function(req, res, next) {
  if(req.user) return next();
  res.redirect('/login');
};

Step 6. Now, make the following changes in config/policies.js to apply the sessionAuth policy to controllers:

module.exports.policies = {
  '*': ['passport', 'sessionAuth'],
  'auth': {
    '*': ['passport']
  }
}

Here you are applying sessionAuth policy for all the controller actions except those in AuthController. Because auth actions like login, logout and register need to be accessed without logging in.

Now, lift your Sails application and see things in action!


For API authorization, add bearerAuth the policy for controller actions that are accessed via API in config/policies.js:

'flash': {
 'remoteHome': ['passport', 'bearerAuth']
},

And your API authorization should start working now!

If you have any questions or encounter any problems, feel free to raise an issue in this repo. I'll help you to resolve it.