Created
November 6, 2015 15:06
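// Session and Passport middleware wiring. Order matters: cookies are parsed
// first, then the session is loaded, then Passport restores the user from it.
app.use(cookieParser());
var sessionStore = memoryStore;
// In a future PR, switch to redis or cloudant as the session store.

// The session secret signs the session-ID cookie. The previous fallback was a
// fixed string in source, so a deployment without SECRET signed cookies with a
// publicly known key. Fall back to a random per-process value instead: sessions
// do not survive a restart, but they already do not with the in-memory store.
var sessionSecret = process.env.SECRET;
if (!sessionSecret) {
  sessionSecret = require('crypto').randomBytes(32).toString('hex');
  console.warn('SECRET is not set; using a random per-process session secret. ' +
    'Set SECRET before running more than one instance.');
}

// NOTE(review): no `cookie` options are passed, so express-session defaults
// apply. Consider setting cookie.secure once TLS termination / proxy trust
// for this deployment is confirmed.
app.use(expressSession({
  secret: sessionSecret,
  store: sessionStore,
  resave: false,
  saveUninitialized: false
}));
app.use(passport.initialize());
app.use(passport.session());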
// Passport session (de)serialization: the user object is written to the
// session as-is and read back unchanged, with no lookup or filtering.
// NOTE(review): the verify callback in this file attaches accessToken and
// refreshToken to the profile, so both tokens end up in the session store.
// Confirm that is intended before moving to a shared store (redis/cloudant).
passport.serializeUser(function storeUserInSession(sessionUser, cb) {
  cb(null, sessionUser);
});

passport.deserializeUser(function loadUserFromSession(stored, cb) {
  cb(null, stored);
});
// Look up the bound SSO service (any service whose name contains "sso",
// case-insensitively) and read the OpenID Connect client settings from it.
var ssoConfig = appEnv.getService(/.*sso.*/i);
var client_id = ssoConfig.credentials.clientId;
var client_secret = ssoConfig.credentials.secret;
var authorization_url = ssoConfig.credentials.authorizationEndpointUrl;
var token_url = ssoConfig.credentials.tokenEndpointUrl;
var issuer_id = ssoConfig.credentials.issuerIdentifier;
// Fixed redirect URI for this deployment; the path matches the
// '/auth/sso/callback' route registered in this file.
var callback_url = "https://jeff-dev.mybluemix.net/auth/sso/callback";

var OpenIDConnectStrategy = require('./passport-idaas-openidconnect').IDaaSOIDCStrategy;

// Authorization-code flow requesting only the 'openid' scope.
// NOTE(review): whether state/nonce and ID-token validation are enforced is
// decided inside ./passport-idaas-openidconnect, which is not shown here.
var Strategy = new OpenIDConnectStrategy(
  {
    issuer: issuer_id,
    clientID: client_id,
    clientSecret: client_secret,
    authorizationURL: authorization_url,
    tokenURL: token_url,
    callbackURL: callback_url,
    scope: 'openid',
    response_type: 'code',
    skipUserProfile: true
  },
  function verifyLogin(iss, sub, profile, accessToken, refreshToken, params, done) {
    // Defer to the next tick, then attach both tokens to the profile and
    // accept the login unconditionally. The profile (tokens included) is what
    // serializeUser later writes into the session.
    process.nextTick(function attachTokens() {
      profile.accessToken = accessToken;
      profile.refreshToken = refreshToken;
      done(null, profile);
    });
  }
);

passport.use(Strategy);

// Entry point of the login flow: hands the request to the OIDC strategy.
app.get('/auth/sso', passport.authenticate('openidconnect', {}));
/**
 * Route guard: lets authenticated requests through and sends everyone else
 * to the SSO login route.
 *
 * For an unauthenticated request the requested URL is remembered in the
 * session so the callback route can return the user to it after login.
 *
 * @param {object} req - Express request (needs isAuthenticated() and session).
 * @param {object} res - Express response.
 * @param {function} next - Next middleware; its return value is passed back.
 */
function authenticate(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  // NOTE(review): this value is later used as a redirect target, so it
  // should be validated as a local path where it is consumed.
  req.session.originalUrl = req.originalUrl;
  res.redirect('/auth/sso');
}
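// OIDC redirect endpoint: completes the login and sends the user back to the
// page they originally asked for.
app.get('/auth/sso/callback', function(req, res, next) {
  // The stored target comes from a request URL, so treat it as untrusted.
  // Use it once, then drop it so a stale value is not reused by a later login.
  var stored = req.session.originalUrl;
  delete req.session.originalUrl;

  // Default to the site root when nothing was stored (e.g. the user opened
  // /auth/sso directly); previously successRedirect was undefined in that case.
  var redirect_url = '/';
  // Accept only a same-site absolute path: a single leading "/" that is not
  // followed by "/" or "\", which browsers can treat as a different host.
  if (typeof stored === 'string' && /^\/(?![\/\\])/.test(stored)) {
    redirect_url = stored;
  }

  passport.authenticate('openidconnect', {
    successRedirect: redirect_url,
    failureRedirect: '/failure'
  })(req, res, next);
});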
// Landing page for a failed SSO login (target of failureRedirect).
// Sends a fixed message and reveals nothing about why the login failed.
app.get('/failure', function loginFailed(req, res) {
  res.send('login failed');
});