OpenStack Keystone authentication strategy for Passport and Node.js
Switch branches/tags
Nothing to show
Clone or download
Latest commit 036bf4a Nov 10, 2015

README.md

Passport-Keystone

OpenStack Keystone authentication strategy for Passport and Node.js

Installation

npm install passport-keystone

Example

Check out the live demo, source code here, to see an express app configured for authentication with the Rackspace Cloud Identity Service, an implementation of OpenStack Keystone Service. Also included in the example is the Proxy-Keystone middleware, a simple proxy for keystone service catalog endpoints.

Documentation

Authentication

The keystone authentication strategy authenticates users using a username and password from the POST body. The strategy requires a verify callback, which accepts these credentials and calls done providing a user that is attached to req.user.

passport.use(new KeystoneStrategy({
    authUrl: your.authUrl, // required
    usernameField: 'username', // optional
    passwordField: 'password' // optional
    region: your.region, // optional
    tenantId: your.tenantId // optional
  },
  function(user, done) {
    var user = {
      id: identity.user.id,
      token: identity.token.id,
      username: identity.user.name,
      serviceCatalog: identity.raw.access.serviceCatalog
    };
    return done(null, user);
  }
));

Need to set session expiration to token expiration?

The following example uses passReqToCallback to send the req object to next callback, where session expiration can be configured.

passport.use(new KeystoneStrategy({
    authUrl: your.authUrl, // required
    usernameField: 'username', // optional
    passwordField: 'password' // optional
    region: your.region, // optional
    tenantId: your.tenantId // optional
    passReqToCallback : true // allows us to interact with req object
}, function(req, identity, done) {
  if (!req.user) {
    var user = {
        id: identity.user.id,
        token: identity.token.id,
        username: identity.user.name,
        serviceCatalog: identity.raw.access.serviceCatalog
    };

    // Set session expiration to token expiration
    req.session.cookie.expires = Date.parse(identity.token.expires) - Date.now();

    done(null, user);
  } else {
      // user already exists
      var user = req.user; // pull the user out of the session
      return done(null, user);
  }
}));

Authenticate Requests

Use passport.authenticate(), specifying the 'keystone' strategy, to authenticate requests.

app.post('/login',
  passport.authenticate('keystone', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  }
);

Example form markup

<form action="/login" method="post">
  <label>Username:</label>
  <input type="text" name="username"/><br/>
  <label>Password:</label>
  <input type="password" name="password"/>
  <input type="submit" value="Submit"/>
</form>

Example request via curl

curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login

Checkout Passportjs.org for more authentication examples.