Identity Provider based on the First Lego League Module Standard
Run using node server.js
or npm run start
The JWT IdP is based upon the redirect binding in SAML, but simpler:
- The Service Provider(SP), weather using the SP library or not, redirects the user to the Identity Provider(IdP) login URL
<idp_url>/login?callbackUrl=<sp_callbackUrl>
. - The IdP authenticates the user and pulls its details out of the mongodb. NOTICE There is no verification on the callbackUrl parameter, or on the refferer of the redirection, and thereafore anyone can ask to use the IdP without authentication, but without the secret the IdP has, the SP cannot be sure the response was correct and protected.
- The IdP redirects to the callbackUrl parameter, adding to it the parameter
token
with the value of the JWT of the user, signed with the secret. The secret must be shared across servers upon startup.
- Fork this repository
- make some changes
- create a Pull Request
- Wait for a CR from the code owner
- make sure everything is well
- merge
A few things to notice while developing:
- Use
yarn
notnpm
- Follow javascript standard as described here
- Keep the service lightweight
- Don't break API if not neccessary, and if you do, change the SP library accordingly.
- Be creative and have fun