This module lets you authenticate against an instance of Dedicated Bluemix (via CloudFoundry's UAA server) in your Node.js applications. By plugging into Passport, the Dedicated Bluemix authentication can integrate into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-dedicated-bluemix
Before using passport-dedicated-bluemix
, you must register the application with your Dedicated Bluemix User Account and Authentication Service (UAA). If you have not already done so, client application registration can be found in here. As a side note, you will have to have some elevated permissions in your Bluemix instance to be able to register a client application with it's UAA server. Remember the client_id
and client_secret
to use with the passport strategy. In addition, the redirect_uri
will have to match the route in your application.
The Dedicated Bluemix authentication strategy authenticates users using a CloudFoundry UAA user account and OAuth 2.0 tokens. The strategy requires a verify
callback, which accepts these credentials and calls done
providing a user, as well as options
specifying a a user info URL, authorization URL, token URL, client ID, client secret, and callback URL.
passport.use(new BluemixDedicatedStrategy({
userInfoURL: 'https://uaa.<your bluemix domain>/userinfo',
authorizationURL: 'https://login.<your bluemix domain>/UAALoginServerWAR/oauth/authorize',
tokenURL: 'https://uaa.<your bluemix domain>/oauth/token',
clientID: CLIENT_ID,
clientSecret: CLIENT_SECRET,
callbackURL: "http://localhost:3000/auth/bluemix/callback"
},
(accessToken, refreshToken, profile, done) =>
User.findOrCreate({ userId: profile.id }, (err, user) =>
done(err, user));
));
Use passport.authenticate()
, specifying the 'dedicated-bluemix'
strategy, to authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/bluemix', passport.authenticate('bluemix-dedicated'));
app.get('/auth/bluemix/callback', passport.authenticate('bluemix-dedicated', { successRedirect: '/home', failureRedirect: '/login' }));
Developers using the popular Express web framework can refer to an example as a starting point for their own applications.
If you need additional permissions from the user, the permissions can be
requested via the scope
option to passport.authenticate()
.
app.get('/auth/bluemix', passport.authenticate('bluemix-dedicated', {
scope: 'cloud_controller.read+openid+cloud_controller_service_permissions.read'
}));
CloudFoundry's UAA server utilizes a state parameter that will be passed back to the /callback
route of your application. If you need to use this, the permissions can be
requested via the state
option to passport.authenticate()
.
app.get('/auth/bluemix', passport.authenticate('bluemix-dedicated', {
state: 'my-state-string',
}));