@emerson-pereira
Created April 17, 2019 00:47
const express = require('express');
const session = require('express-session');
const passport = require('passport');
const cookieParser = require('cookie-parser');
const fs = require('fs');
const https = require('https');
const cfenv = require('cfenv');
const axios = require('axios');
const settings = require('./settings.js');
require('dotenv').config();
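// Security: certificate verification for outbound TLS stays on by default.
// Setting NODE_TLS_REJECT_UNAUTHORIZED to '0' switches verification off for
// every HTTPS request this process makes, which here includes the calls to the
// identity provider's token endpoint and the directory lookup in the /user
// route. Anyone positioned on the network path could then read or alter that
// traffic without being detected.
//
// Preferred fix for a missing intermediate CA: start Node with the
// NODE_EXTRA_CA_CERTS environment variable pointing at a PEM bundle that
// contains the intermediate, or have the remote server send its full chain.
const app = express();
const isEnvDev = process.env.NODE_ENV === 'development';

if (isEnvDev) {
  // Local development only: the original workaround is kept so a dev machine
  // without the CA bundle can still complete the login flow. It is never
  // applied outside NODE_ENV=development.
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
  console.warn('TLS certificate verification is disabled (development only)');
}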
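// Start the HTTP(S) listener. Development serves TLS itself from local PEM
// files; every other environment binds to the port reported by cfenv.
if (isEnvDev) {
  // key.pem / cert.pem are resolved relative to the process working directory.
  const tlsOptions = {
    key: fs.readFileSync('key.pem'),
    cert: fs.readFileSync('cert.pem'),
  };

  https.createServer(tlsOptions, app).listen(3000, () => {
    console.log('Running on https://localhost:3000');
  });

  // Development-only CORS: any origin may read responses. No
  // Access-Control-Allow-Credentials header is sent, so browsers will not
  // expose responses to cross-origin requests made with cookies. Keep this
  // branch out of production; a wildcard origin there would widen who can
  // read unauthenticated responses.
  app.use((req, res, next) => {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
    next();
  });
} else {
  const appEnv = cfenv.getAppEnv();

  app.listen(appEnv.port, () => {
    // Fixed message: the value printed is the application URL, not a port.
    console.log(`Running on ${appEnv.url}`);
  });
}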
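// Session and passport middleware. Registration order matters: the session
// must exist before passport.session() tries to restore the user from it.

// Fail fast when the signing secret is missing rather than starting a server
// whose session cookies cannot be signed properly.
if (!process.env.SSO_SESSION_SECRET) {
  throw new Error('SSO_SESSION_SECRET must be set');
}

app.use(cookieParser());
app.use(session({
  // Real booleans: the original passed the strings 'true', which only worked
  // because any non-empty string is truthy.
  // resave: false      -> do not rewrite unchanged sessions on every request.
  // saveUninitialized: false -> no session (and no cookie) is created until
  //   something is stored in it, so anonymous traffic does not fill the store.
  resave: false,
  saveUninitialized: false,
  secret: process.env.SSO_SESSION_SECRET,
  cookie: {
    // Not readable from page scripts.
    httpOnly: true,
    // Sent on top-level navigations (such as the redirect back from the
    // identity provider) but not on cross-site subrequests.
    // NOTE(review): assumes the provider returns via a GET redirect - confirm.
    sameSite: 'lax',
    // 'auto' marks the cookie Secure whenever the request is seen as HTTPS.
    // Behind a TLS-terminating proxy, Express must be told to trust the proxy
    // for that detection to work.
    secure: 'auto',
  },
  // No `store` is configured, so express-session uses its default in-memory
  // store; its documentation describes that store as unsuitable for
  // production use.
}));
app.use(passport.initialize());
app.use(passport.session());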
/**
 * Identity (de)serializer: the complete user object is written to the session
 * and read back unchanged on later requests.
 *
 * Because the verify callback attaches accessToken and refreshToken to the
 * profile, those tokens become part of the stored session data. Whoever can
 * read the session store can read them.
 *
 * @param {object} value - User object (serialize) or stored object (deserialize).
 * @param {Function} done - Passport continuation, called as done(err, value).
 */
function passThrough(value, done) {
  done(null, value);
}

passport.serializeUser(passThrough);
passport.deserializeUser(passThrough);
const { IDaaSOIDCStrategy: OpenIDConnectStrategy } = require('passport-idaas-openidconnect');

// Endpoints and issuer come from ./settings.js; the client credentials come
// from the environment so they stay out of the repository.
const oidcOptions = {
  authorizationURL: settings.authorization_url,
  tokenURL: settings.token_url,
  clientID: process.env.SSO_CLIENT_ID,
  scope: 'openid',
  response_type: 'code',
  clientSecret: process.env.SSO_CLIENT_SECRET,
  callbackURL: settings.callback_url,
  skipUserProfile: true,
  issuer: settings.issuer_id,
};

/**
 * Verify callback invoked by the strategy after a successful token exchange.
 * Copies both tokens onto the profile and hands the profile to passport as
 * the authenticated user, deferred by one tick.
 *
 * The tokens travel with the profile from here on: they end up in the session
 * via serializeUser and are available on req.user in every route.
 */
const onVerified = (iss, sub, profile, accessToken, refreshToken, params, done) => {
  process.nextTick(() => {
    Object.assign(profile, { accessToken, refreshToken });
    done(null, profile);
  });
};

const Strategy = new OpenIDConnectStrategy(oidcOptions, onVerified);
passport.use(Strategy);
/**
 * Express middleware that lets authenticated requests through and sends
 * everyone else to /login.
 *
 * Before redirecting, the requested URL is remembered in the session so the
 * callback route can send the user back there after login. That value is taken
 * from the request as received, so it is caller-controlled input and should be
 * treated as such wherever it is later used as a redirect target.
 *
 * @param {object} req - Express request (with passport's isAuthenticated()).
 * @param {object} res - Express response.
 * @param {Function} next - Next middleware.
 * @returns {*} Whatever next() returns when authenticated, otherwise undefined.
 */
const ensureAuthenticated = (req, res, next) => {
  if (req.isAuthenticated()) {
    return next();
  }

  const requestedUrl = req.originalUrl;
  req.session.originalUrl = requestedUrl;
  res.redirect('/login');
};
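// Hands the browser to the identity provider to start the OIDC login.
app.get('/login', passport.authenticate('openidconnect', {}));

/**
 * Ends the local session.
 *
 * Fixes over the original handler:
 *  - a response is always sent (the original never answered, so the request
 *    hung until the client timed out);
 *  - passport state is cleared before the session is destroyed;
 *  - the session cookie is removed from the browser.
 *
 * This only ends the session held by this application; it does not sign the
 * user out at the identity provider.
 * NOTE(review): newer passport releases make req.logout() asynchronous and
 * require a callback - confirm against the installed version.
 */
app.get('/logout', (req, res, next) => {
  req.logout();
  req.session.destroy((err) => {
    if (err) {
      return next(err);
    }
    // 'connect.sid' is the express-session default cookie name; no custom
    // name is configured in this file.
    res.clearCookie('connect.sid');
    res.send('logged out');
  });
});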
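/**
 * Decides whether a stored return URL may be used as a redirect target.
 * Only paths on this application are accepted: the value must start with '/'
 * and, once resolved the way a browser would resolve it, must stay on the
 * same origin.
 *
 * @param {*} candidate - Value read from the session.
 * @returns {boolean} True when the value is a same-origin path.
 */
function isLocalReturnPath(candidate) {
  if (typeof candidate !== 'string' || !candidate.startsWith('/')) {
    return false;
  }
  // Placeholder origin used purely for resolution; never contacted.
  const base = 'http://local.invalid';
  try {
    return new URL(candidate, base).origin === base;
  } catch (_err) {
    return false;
  }
}

/**
 * OIDC redirect endpoint: completes the login and sends the user back to the
 * page they originally asked for.
 *
 * The stored URL originates from the request that triggered the login, so it
 * is validated before being used as a redirect target. Anything that is not a
 * same-origin path, and the case where nothing was stored (the user opened
 * /login directly), falls back to '/'.
 */
app.get('/sso/auth/callback', (req, res, next) => {
  const stored = req.session.originalUrl;
  const redirect_url = isLocalReturnPath(stored) ? stored : '/';

  passport.authenticate('openidconnect', {
    successRedirect: redirect_url,
    failureRedirect: '/failure',
  })(req, res, next);
});

// Landing page for a failed login; deliberately reveals no detail.
app.get('/failure', (req, res) => {
  res.send('login failed');
});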
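/**
 * Returns the signed-in user's display data, enriched with the department
 * looked up in the directory service.
 *
 * Responses:
 *  - { success: true,  data: { name, email, id, dept } } when signed in;
 *    dept is false when the directory has no department value.
 *  - { success: false, data: null } when not signed in.
 *  - HTTP 502 with { success: false, data: null } when the directory lookup
 *    fails.
 *
 * Fixes over the original handler:
 *  - the e-mail address is percent-encoded before it is placed in the lookup
 *    URL, so characters in it cannot change the shape of the request;
 *  - a failed or malformed directory response no longer leaves the request
 *    unanswered or throws on a missing 'dept' attribute.
 */
app.get('/user', async (req, res) => {
  const user = req.user && req.user._json;

  if (!user) {
    res.json({
      success: false,
      data: null,
    });
    return;
  }

  try {
    const mail = encodeURIComponent(user.emailAddress);
    const bluepagesEndpoint = `https://someApiEndpoint/mail=${mail}`;
    const { data: bluepagesData } = await axios.get(bluepagesEndpoint);

    // Walk the response defensively; its shape is only known from the
    // property path the original code used.
    const entries = (bluepagesData && bluepagesData.search && bluepagesData.search.entry) || [];
    const attributes = (entries[0] && entries[0].attribute) || [];
    const deptObj = attributes.find((a) => a.name === 'dept');
    const dept = deptObj && deptObj.value && deptObj.value.length
      ? deptObj.value[0]
      : false;

    res.json({
      success: true,
      data: {
        name: `${user.firstName} ${user.lastName}`,
        email: user.emailAddress,
        id: user.uid,
        dept,
      },
    });
  } catch (err) {
    // Log only the message: the request URL contains the user's e-mail.
    console.error('directory lookup failed:', err.message);
    res.status(502).json({
      success: false,
      data: null,
    });
  }
});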
// Static files under public/ are served only to authenticated sessions.
// This is registered last, so the routes declared above it are matched first
// and are not covered by this guard.
const publicFiles = express.static('public');
app.use('/', ensureAuthenticated, publicFiles);