OAuth 2.0 identity provider for Webmaker
JavaScript CSS Other
Clone or download
gideonthomas Update to node 8 (#447)
* Update to Node 8 + server dependency updates

* Use custom validation mixin for client form

* Update CI config with new node version

* Try fixing SEGFAULT in phantomjs

* Now what?


* Return promise for tests

* Abstract login server start

* Fix host for tests

* Change host for tests to

* Debug tests

* Update hapijs/code

* Debug test 2

* Debug tests 3

* Update pg version

* Update hapi logging

* Improve logging
Latest commit 5d55ab2 Apr 11, 2018
Failed to load latest commit information.
docs Add response-type=token to login/oauth/authorize for single page apps Aug 10, 2015
lib Update to node 8 (#447) Apr 11, 2018
public minor changes Sep 12, 2017
templates Update to node 8 (#447) Apr 11, 2018
test Update to node 8 (#447) Apr 11, 2018
.eslintrc.json Update to node 8 (#447) Apr 11, 2018
.gitattributes make jscs and jshint work on windows w/o gulp. fixes #98. Apr 1, 2015
.gitignore oops Jun 23, 2017
.travis.yml Update to node 8 (#447) Apr 11, 2018
Procfile Add Heroku support Mar 28, 2015
README.md Merge pull request #430 from mozilla/readme-fix Jun 8, 2017
package.json Update to node 8 (#447) Apr 11, 2018
sample.env Redundant dependency: newrelic Feb 10, 2017
tests.env Update to node 8 (#447) Apr 11, 2018
webpack.config.js Update to node 8 (#447) Apr 11, 2018



OAuth 2.0 identity provider for Webmaker

Build Status Code Climate David-DM

id.webmaker.org is an application with a hapi backend and react frontend that serves as the OAuth 2.0 identity provider for Webmaker, as well as several other Mozilla Foundation applications.


Up and Running

  1. Fork and clone this repository
  2. Navigate to the directory of the repository, e.g. cd id.webmaker.org
  3. npm install to install dependencies
  4. npm start
  5. Navigate your browser to http://localhost:1234


To run all tests run the following command

npm test

Front end tests

Front end tests can be run via mocha-phantom with npm run test:browser. You can also see the tests run in a browser if you run the app and visit /assets/tests.

How to add a new component test

Simply add it to the folder containing your component. The browser test command automatically requires all files matching *.test.jsx in the templates/ folder.


This project requires several environment variables be configured before it is able to run. It uses a library called habitat to load configuration from a .env file, as well as process and cli configuration.

A sample.env file is included with this repository. Create a copy of sample.env named .env to use the default configuration. See the "Up and Running" section above for more instructions on how to do this.

You can customize these variables by editing the .env file in the root directory of the repository.

You can configure the following environment variables:

Variable About
HOST host for this server. defaults to
PORT port of this server, defaults to 0 (a random port above 1024)
LOGINAPI fully qualified login.wm.org URL e.g. https://user:password@login.webmaker.org
OAUTH_DB JSON array of oauth clients e.g. [{"client_id":"test", "client_secret":"test", "redirect_uri":"http://localhost:3000/account"}]
AUTH_CODES JSON Object containing oauth auth codes for testing purposes e.g. {"authcode": {"client_id": "test", "user_id": "test", "scopes":"user", "expiresAt": 1428342423255 }}
ACCESS_TOKENS JSON array of testing access tokens e.g. {access_token: 'testAccessToken', client_id: 'test', user_id: 'test', scopes: 'user', expires_at: 1428342423255 }
COOKIE_SECRET A String value used to encrypt session cookies
SECURE_COOKIES set to true to indicate that the user agent should transmit the cookie only over a secure channel
URI The URI where the server is reachable at, used for reset email links
GA_TRACKING_ID The tracking ID is a string like UA-000000-01 more
GA_DEBUG if set to 'on' will enable debug logging to the console in react-ga
OPTIMIZELY_ID Optimizely Project ID (not a secret) e.g. '206878104'
OPTIMIZELY_ACTIVE If set to 'yes' (String) the project will include Optimizely snippet in the page load
REDIS_URL URL of a redis server to use for caching. If unset, an in-memory cache will be used instead.

Using OAuth2

For information on creating an OAuth2 application that relies on this server, see docs/oauth.md.