Auth
This service allows you to authenticate users with an OIDC or CAS server.
Features
- Handle OIDC and CAS servers in a single package
- Integrate easily with Moleculer's ApiGateway
- Handle local logout and remote logout
Dependencies
Install
Usage
To protect the different routes, you will need to configure the authenticate and authorize methods of the ApiGatewayService to call AuthService's respective actions.
For more information, please see the official Moleculer documentation about authorization and authentication.
Do not declare the AuthService as a dependency of the ApiGatewayService: the ApiGatewayService is already a dependency of AuthService, so you would get a circular dependency loop.
Client login
From the frontend, redirect the user to this URL:
http://localhost:3000/auth/?redirectUrl=...
After login, the user will be redirected to the provided redirectUrl, with the JWT token added to this URL as a query string. You should store it and remove it like this:
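One way to store the token and strip it from the URL in the browser, as an added example rather than the project's own snippet. The query parameter name `token` and the storage key `token` are assumptions, as is the frontend address used in the comments.

```javascript
// Added example: consume the JWT returned on the redirect URL.
// Assumptions (not stated on this page): the query parameter is named
// "token" and the token is kept under the storage key "token".
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

function consumeAuthRedirect(href, storage, paramName = 'token') {
  const url = new URL(href);
  const token = url.searchParams.get(paramName);
  if (token === null) return { token: null, cleanUrl: url.toString() };

  // Always strip the parameter, even when the value is rejected, so the
  // token does not stay in the address bar, history or Referer headers.
  url.searchParams.delete(paramName);
  const cleanUrl = url.toString();

  // Only persist values shaped like a compact JWT (three base64url
  // segments). This is a shape check, not signature verification.
  if (!JWT_SHAPE.test(token)) return { token: null, cleanUrl };

  storage.setItem('token', token);
  return { token, cleanUrl };
}

// Browser wiring: replace the current history entry instead of navigating,
// so the URL that contained the token is not left in session history.
if (typeof window !== 'undefined') {
  const { cleanUrl } = consumeAuthRedirect(window.location.href, window.localStorage);
  if (cleanUrl !== window.location.href) {
    window.history.replaceState(null, '', cleanUrl);
  }
}
```

localStorage is readable by any script running on the origin, so an XSS flaw exposes the stored token; passing sessionStorage instead limits its lifetime to the tab.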
Client logout
From the frontend, redirect the user to this URL:
http://localhost:3000/auth/logout?redirectUrl=...
If you wish to log the user out remotely (on the SSO), you can do:
http://localhost:3000/auth/logout?global=true&redirectUrl...
Actions
The following service actions are available:
impersonate
Generate a JWT token for a given user.
Parameters

| Property | Type | Default | Description |
|---|---|---|---|
| webId | String | required | URI of the user to impersonate |

Return
A JWT token you can use in your app.
Events
auth.registered
Sent when a new user registers.
Parameters

| Property | Type | Description |
|---|---|---|
| webId | String | URI of the user |
| profileData | Object | Data of the user's webId profile |
| authData | Object | Data returned by the OIDC or CAS provider |

auth.connected
Sent when a user connects.
Parameters

| Property | Type | Description |
|---|---|---|
| webId | String | URI of the user |
| profileData | Object | Data of the user's webId profile |
| authData | Object | Data returned by the OIDC or CAS provider |