Authentication micro-service on Node.js.
The application is a REST API service with database and messaging service (Bus) dependencies.
- Node.js
- MongoDB/Mongoose
- Express.js
- Passport.js
- Official nsqjs driver for NSQ messaging service
The service should be configured with the following environment variables.
Key | Value | Description |
---|---|---|
HOST_NAME | auth.yourdomain.com | Callback hostname. |
HOST_PORT | 80 | Callback host port. |
MONGODB_CONNECTION | mongodb://mongo_host:mongo_port/auth | MongoDB connection string. |
TOKEN_ACCESSSECRET | MDdDRDhBOD*** | Access token secret. |
TOKEN_REFRESHSECRET | NUQzNTYwND*** | Refresh token secret. |
TOKEN_EXCHANGESECRET | RTgd5yeR*** | Exchange token secret. |
TWITTER_CONSUMERKEY | YOUGHA9Fk5*** | Twitter consumer key. |
TWITTER_CONSUMERSECRET | XSAxmecNLh*** | Twitter consumer secret. |
GOOGLE_CLIENTID | 1856830825*** | Google client id. |
GOOGLE_CLIENTSECRET | KhFDFfy91k*** | Google client secret. |
VK_CLIENTID | 503*** | VK client id. |
VK_CLIENTSECRET | XIYUHNUZXX*** | VK client secret. |
FACEBOOK_CLIENTID | 9357215664*** | Facebook client id. |
FACEBOOK_CLIENTSECRET | 0dd6dd8d74*** | Facebook client secret. |
NSQD_ADDRESS | bus.yourdomain.com | A hostname or an IP address of the NSQD running instance. |
NSQD_PORT | 4150 | A TCP port number of the NSQD running instance to publish events. |
PORT | 8080 | Container port. |
ADMIN_EMAIL | email@mail.com | Admin email. |
ADMIN_PASSWORD | p@ssword | Admin password. |
The service publishes events to the Bus (messaging service) in response to API requests.
Account created event.
```js
{
  id: "56aa4524de9e523c21b4205d", // User id
  role: "user", // User role
  created: "2016-01-28T16:43:16Z", // Date the user was created
  membership: {
    id: 1232334, // Inner provider id or user email
    provider: "vkontakte", // Provider name
    email: "president@kremlin.com", // User email
    name: "Putin V.V." // User name
  }
}
```
Account deleted event.
```js
{
  id: "56aa4524de9e523c21b4205d" // User id
}
```
Accounts merged event.
```js
{
  toUserId: "56aa4524de9e523c21b4205d", // User id merged into
  fromUserId: "56af511dae77431819981ba2" // User id merged from
}
```
Account unmerged event.
```js
{
  id: "56aa4524de9e523c21b4205d", // User id
  membership: {
    id: 123456, // Inner provider id or user email
    provider: "facebook" // Provider name
  }
}
```
User login event.
```js
{
  id: "56aa4524de9e523c21b4205d", // User id
  role: "user", // User role
  created: "2016-01-28T16:43:16Z", // Date the user was created
  membership: {
    id: 1232334, // Inner provider id or user email
    provider: "vkontakte", // Provider name
    email: "president@kremlin.com", // User email
    name: "Putin V.V." // User name
  }
}
```
See http://passportjs.org
Registers user by email.
Param | Description |
---|---|
password | Password |
HTTP | Value |
---|---|
StatusCode | 201 |
Body | {"accessToken": "eyJ0eXAiOiJKV1...", "refreshToken": "ciOiJIU..."} |
Signs in user by email.
Body Param | Description |
---|---|
password | Password |
HTTP | Value |
---|---|
StatusCode | 200 |
Body | {"accessToken": "eyJ0eXAiOiJKV1...", "refreshToken": "ciOiJIU..."} |
Sets a cookie with the callback URI.
Send your Ajax request with the `withCredentials: true` option so the browser is allowed to store the cookie.
Body Param | Description | Example |
---|---|---|
callbackUri | URI to redirect to after OAuth sign-in | http://yourdomain.com |
HTTP | Value |
---|---|
StatusCode | 201 |
Registers or signs in user via Facebook.
Facebook redirects to /facebook/callback, then auth-api redirects to callbackUri with query params:
[callbackUri]?refresh_token=ciOiJIU...&access_token=yJ0eXAiOiJKV1...
Registers or signs in user via Twitter.
Twitter redirects to /twitter/callback, then auth-api redirects to callbackUri with query params:
[callbackUri]?refresh_token=ciOiJIU...&access_token=yJ0eXAiOiJKV1...
Registers or signs in user via Google.
Google redirects to /google/callback, then auth-api redirects to callbackUri with query params:
[callbackUri]?refresh_token=ciOiJIU...&access_token=yJ0eXAiOiJKV1...
Registers or signs in user via VK.
VK redirects to /vk/callback, then auth-api redirects to callbackUri with query params:
[callbackUri]?refresh_token=ciOiJIU...&access_token=yJ0eXAiOiJKV1...
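The callback redirect above appends the access and refresh tokens to whatever callbackUri was stored in the cookie, so the service must only redirect to origins it trusts, and the receiving page should drop the tokens from the address bar as soon as it has read them. The following is an added example and not code from the auth-api project; the function names, the allowlist and the client-side clean-up are assumptions made for this illustration.

```javascript
// Added example, not code from the auth-api project: handling the callbackUri
// that a client supplies before the OAuth sign-in, and the token hand-off that
// follows the /<provider>/callback redirect. The function names and the
// allowlist below are assumptions made for this example.

// Origins the service is willing to send tokens to (constructed sample; the
// README's example callbackUri is http://yourdomain.com).
const ALLOWED_CALLBACK_ORIGINS = new Set([
  'http://yourdomain.com',
  'https://yourdomain.com',
]);

// Accept a callbackUri only if it parses, uses http(s), carries no userinfo
// and its exact origin is on the allowlist; otherwise the access and refresh
// tokens appended after OAuth would be delivered to an attacker-chosen host.
function isAllowedCallbackUri(candidate) {
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch (e) {
    return false;
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
  if (parsed.username !== '' || parsed.password !== '') return false;
  return ALLOWED_CALLBACK_ORIGINS.has(parsed.origin);
}

// Server side: build the redirect exactly as the README describes,
// [callbackUri]?refresh_token=...&access_token=..., but only for an allowed URI.
function buildCallbackRedirect(callbackUri, tokens) {
  if (!isAllowedCallbackUri(callbackUri)) {
    throw new Error('callbackUri is not on the allowlist');
  }
  const target = new URL(callbackUri);
  target.searchParams.set('refresh_token', tokens.refreshToken);
  target.searchParams.set('access_token', tokens.accessToken);
  return target.toString();
}

// Client side: read both tokens from the landing URL and return the URL
// without its query string so the page can history.replaceState() to it,
// keeping the tokens out of the browser history and of any Referer header.
function extractTokens(landingHref) {
  const url = new URL(landingHref);
  const accessToken = url.searchParams.get('access_token');
  const refreshToken = url.searchParams.get('refresh_token');
  if (!accessToken || !refreshToken) return null;
  url.search = '';
  return { accessToken, refreshToken, cleanUrl: url.toString() };
}

// Browser usage after the redirect (guarded so the block also runs in Node).
if (typeof window !== 'undefined') {
  const t = extractTokens(window.location.href);
  if (t) window.history.replaceState(null, '', t.cleanUrl);
}
```

The allowlist compares full origins (scheme, host and port), so a URI that merely contains the trusted hostname in its path, query or userinfo part is rejected.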
Updates access & refresh tokens.
Header | Value |
---|---|
Authorization | "JWT [refreshToken]" |
HTTP | Value |
---|---|
StatusCode | 200 |
Body | {"accessToken": "eyJ0eXAiOiJKV1...", "refreshToken": "ciOiJIU..."} |
Signs out current user.
Header | Value |
---|---|
Authorization | "JWT [refreshToken]" |
HTTP | Value |
---|---|
StatusCode | 200 |
Deletes all sessions for current user.
Header | Value |
---|---|
Authorization | "JWT [refreshToken]" |
HTTP | Value |
---|---|
StatusCode | 200 |
Merges two accounts.
Param | Description |
---|---|
token1 | Access token of the first account |
token2 | Access token of the second account |
HTTP | Value |
---|---|
StatusCode | 200 |
Unmerges social account.
Header | Value |
---|---|
Authorization | "JWT [accessToken]" |
Param | Description |
---|---|
provider | Provider name ('facebook', 'google', etc.) |
id | Id from provider |
HTTP | Value |
---|---|
StatusCode | 200 |
Gets user info.
Header | Value |
---|---|
Authorization | "JWT [accessToken]" |
HTTP | Value |
---|---|
StatusCode | 200 |
Body | { "id": user_id, "email": user_email, "memberships": [{id, provider, token, email, name}, ...] } |
Deletes user account.
Header | Value |
---|---|
Authorization | "JWT [accessToken]" |
HTTP | Value |
---|---|
StatusCode | 200 |
Creates an exchange token and sets a cookie for it.
Header | Value |
---|---|
Authorization | "JWT [refreshToken]" |
HTTP | Value |
---|---|
StatusCode | 200 |
Set-Cookie | exchangeTokenCookie=kJ936pY1CqQO2tNpPeRu... |
Body | {"exchangeToken": "eyJ0eXAiOiJKV1..."} |
Gets new access & refresh tokens. The request is verified against the cookie, so it must be sent along with the exchange token. exchangeTokenCookie is cleared after a successful request.
Header | Value |
---|---|
Authorization | "JWT [exchangeToken]" |
Cookie | exchangeTokenCookie=kJ936pY1CqQO2tNpPeRu... |
HTTP | Value |
---|---|
StatusCode | 200 |
Body | {"accessToken": "eyJ0eXAiOiJKV1...", "refreshToken": "ciOiJIU..."} |
Source code is under GNU GPL v3 license.