OpenStack Keystone authentication strategy for Passport and Node.js
This project is a fork of Passport-Keystone.
Passport-Keystone supports up to v2.x . Passport-Keystone-v3 supports up to v3.x.
npm install passport-keystone-v3
The keystone authentication strategy authenticates users using a username and password and optional domainName
from the POST body. The strategy requires a verify
callback, which accepts these credentials and calls done
providing a user that is attached to req.user
.
passport.use(new KeystoneStrategy({
authUrl: your.authUrl, // required
usernameField: 'username', // optional
passwordField: 'password', // optional
domainNameField: 'domainName', // optional
region: your.region, // optional
tenantId: your.tenantId // optional
},
function(user, done) {
var user = {
id: identity.user.id,
token: identity.token.id,
username: identity.user.name,
serviceCatalog: identity.raw.access.serviceCatalog
};
return done(null, user);
}
));
The following example uses passReqToCallback
to send the req
object to next callback, where session expiration
can be configured.
passport.use(new KeystoneStrategy({
authUrl: your.authUrl, // required
usernameField: 'username', // optional
passwordField: 'password' // optional
domainNameField: 'domainName', // optional
region: your.region, // optional
tenantId: your.tenantId // optional
passReqToCallback : true // allows us to interact with req object
}, function(req, identity, done) {
if (!req.user) {
var user = {
id: identity.user.id,
token: identity.token.id,
username: identity.user.name,
serviceCatalog: identity.raw.access.serviceCatalog
};
// Set session expiration to token expiration
req.session.cookie.expires = Date.parse(identity.token.expires) - Date.now();
done(null, user);
} else {
// user already exists
var user = req.user; // pull the user out of the session
return done(null, user);
}
}));
Use passport.authenticate()
, specifying the 'keystone'
strategy, to
authenticate requests.
app.post('/login',
passport.authenticate('keystone', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
}
);
Example form markup
<form action="/login" method="post">
<label>Username:</label>
<input type="text" name="username"/><br/>
<label>Password:</label>
<input type="password" name="password"/>
<input type="submit" value="Submit"/>
</form>
Example form markup for Keystone V3.x with domain support
<form action="/login" method="post">
<label>Username:</label>
<input type="text" name="username"/><br/>
<label>Password:</label>
<input type="password" name="password"/>
<label>Domain Name:</label>
<input type="text" name="domainName"/>
<input type="submit" value="Submit"/>
</form>
Example request via curl
curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login
Example request via curl for Keystone V3.x with domain support
curl -v -d "username=bob&password=secret&domainName=my_domain" http://127.0.0.1:3000/login
Checkout Passportjs.org for more authentication examples.