@jsloyer
Created November 6, 2015 15:06
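// Session and Passport middleware. Order matters: the session middleware must
// be registered before passport.session(), which reads the login state from it.
app.use(cookieParser());

// Sessions live in this process's memory only: they are lost on restart and
// are not shared between application instances.
// TODO: in a future PR switch to redis or cloudant as a session store
var sessionStore = memoryStore;

// The session secret signs the session ID cookie. A fixed, publicly known
// fallback would let anyone produce validly signed cookies, so when SECRET is
// not configured a random per-process value is used instead. Sessions signed
// with it do not survive a restart, which matches the in-memory store above.
if (!process.env.SECRET) {
  console.warn('SECRET is not set; using a random per-process session secret');
}

// No `cookie` options are passed, so express-session's defaults apply (the
// `secure` flag is off by default). NOTE(review): the app is served over
// https, so consider `cookie: { secure: true }`; behind a TLS-terminating
// proxy that also needs `app.set('trust proxy', 1)` -- confirm for this deployment.
app.use(expressSession({
  secret: process.env.SECRET || require('crypto').randomBytes(32).toString('hex'),
  store: sessionStore,
  resave: false,
  saveUninitialized: false
}));

app.use(passport.initialize());
app.use(passport.session());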
// Passport session (de)serialization: the user object is written to the
// session unchanged and handed back unchanged on later requests.
// Note: the verify callback in this file attaches accessToken and refreshToken
// to the profile, so those tokens are stored in the session store as well.
passport.serializeUser(function(account, callback) {
  callback(null, account);
});

passport.deserializeUser(function(stored, callback) {
  callback(null, stored);
});
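// Look up the bound service whose name contains "sso" (case-insensitive) and
// read the OpenID Connect client settings from its credentials.
var ssoConfig = appEnv.getService(/sso/i);

// Fail at startup with a clear message instead of a TypeError on
// `.credentials` when no matching service is bound.
if (!ssoConfig || !ssoConfig.credentials) {
  throw new Error('No bound service matching /sso/i with credentials was found');
}

var client_id = ssoConfig.credentials.clientId;
// Client secret comes from the service binding; keep it out of logs and responses.
var client_secret = ssoConfig.credentials.secret;
var authorization_url = ssoConfig.credentials.authorizationEndpointUrl;
var token_url = ssoConfig.credentials.tokenEndpointUrl;
var issuer_id = ssoConfig.credentials.issuerIdentifier;

// The callback URL must match the redirect URI registered with the SSO
// service. SSO_CALLBACK_URL is an optional override introduced here so the
// host is not tied to one deployment; the previous value remains the default.
var callback_url = process.env.SSO_CALLBACK_URL ||
  "https://jeff-dev.mybluemix.net/auth/sso/callback";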
// OpenID Connect strategy (authorization-code flow) backed by the SSO service
// settings read above.
var OpenIDConnectStrategy = require('./passport-idaas-openidconnect').IDaaSOIDCStrategy;

var Strategy = new OpenIDConnectStrategy(
  {
    authorizationURL: authorization_url,
    tokenURL: token_url,
    clientID: client_id,
    scope: 'openid',
    response_type: 'code',
    clientSecret: client_secret,
    callbackURL: callback_url,
    skipUserProfile: true,
    issuer: issuer_id
  },
  // Verify callback: keeps the seven-argument signature of the original.
  function(issuer, subject, profile, accessToken, refreshToken, params, done) {
    // Complete asynchronously, on the next tick.
    process.nextTick(function() {
      // The tokens ride along on the profile; because serializeUser stores the
      // whole user object, they end up in the session store too.
      profile.accessToken = accessToken;
      profile.refreshToken = refreshToken;
      done(null, profile);
    });
  }
);

passport.use(Strategy);

// Entry point of the login flow: hands the request to the 'openidconnect' strategy.
app.get('/auth/sso', passport.authenticate('openidconnect', {}));
/**
 * Route guard: lets authenticated requests through and sends everyone else
 * to the SSO login route.
 *
 * For an unauthenticated request the requested URL is saved in the session as
 * `originalUrl`; the /auth/sso/callback handler reads it back as the
 * post-login redirect target. The value comes straight from the request, so
 * it is request-controlled data.
 *
 * @param {object} req - Express request (uses isAuthenticated(), session, originalUrl).
 * @param {object} res - Express response (uses redirect()).
 * @param {Function} next - Next middleware; its return value is returned when authenticated.
 * @returns {*} Whatever next() returns when authenticated, otherwise undefined.
 */
function authenticate(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }

  // Remember where the user was heading, then start the login flow.
  req.session.originalUrl = req.originalUrl;
  res.redirect('/auth/sso');
}
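// OpenID Connect redirect endpoint: completes the login and sends the user
// back to the page they originally asked for.
app.get('/auth/sso/callback', function(req, res, next) {
  var stored = req.session.originalUrl;

  // The stored URL came from an earlier request, so accept it only when it is
  // a same-site path: a single leading "/" not followed by "/" or "\" (those
  // forms are treated by browsers as pointing at another host).
  var isLocalPath = typeof stored === 'string' && /^\/(?![\/\\])/.test(stored);

  // Fall back to the site root when nothing usable was stored, e.g. when the
  // login was started directly at /auth/sso and originalUrl was never set.
  var redirect_url = isLocalPath ? stored : '/';

  passport.authenticate('openidconnect', {
    successRedirect: redirect_url,
    failureRedirect: '/failure',
  })(req, res, next);
});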
// Target of failureRedirect in the callback route: reports a failed login
// with a fixed message.
app.get('/failure', function(request, response) {
  response.send('login failed');
});