Skip to content

Loading…

Document how to create a strategy #9

Open
magnetik opened this Issue · 1 comment

2 participants

@magnetik

Hi,

I'm trying to developp a WebID (http://webid.info/spec) strategy using my WebID node module (https://github.com/magnetik/node-webid).

As you can see in my demo (https://github.com/magnetik/node-webid-demo), the verification only require a X509 certificate in parameter :

        var verifAgent = new webid.VerificationAgent(certificate);
        verifAgent.verify(function (success, result) {

Maybe some documentation on how to developp a strategy on the wiki would be usefull.

Thanks

@jaredhanson
Owner

Cool. I've been meaning to investigate WebID.

The purpose of the verify function in the strategy is intended to allow the application to take a credential or identity and look up the corresponding user record. It's not to be confused with the verify function you have in node-webid to verify the WebID identity.

Looking over the demo code, I'd say that the FOAF result (or something contained within it) is probably what should be supplied to the strategy verify callback. Rough cut:

verifAgent.verify(function (success, result) {
  if (success) {
    var foaf = new webid.Foaf(result);
    // call the app-supplied verify callback
    self._verify(foaf, function(err, user) {
      if (err) { return self.error(err); }
      if (!user) { return self.fail(); }
      self.success(user);
    });
  }
}

This way, the app gets a chance to look at the authenticated WebID, find or create a user record, and apply any policies (black-list, etc.).

I'll write this up more formally, and add it to the guide. In the meantime, I think looking at Passport-OpenID will be a better starting place for your implementation.

Excited to see WebID support in Passport! Ping me anytime with questions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.