Skip to content
/ passport-keystone Public

OpenStack Keystone authentication strategy for Passport and Node.js

License

MIT license
22 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eddywashere/passport-keystone

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
examples
examples
 
 
lib/passport-keystone
lib/passport-keystone
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Passport-Keystone

OpenStack Keystone authentication strategy for Passport and Node.js

Installation

npm install passport-keystone

Example

Check out the live demo, source code here, to see an express app configured for authentication with the Rackspace Cloud Identity Service, an implementation of OpenStack Keystone Service. Also included in the example is the Proxy-Keystone middleware, a simple proxy for keystone service catalog endpoints.

Documentation

Authentication

The keystone authentication strategy authenticates users using a username and password from the POST body. The strategy requires a verify callback, which accepts these credentials and calls done providing a user that is attached to req.user.

passport.use(new KeystoneStrategy({
    authUrl: your.authUrl, // required
    usernameField: 'username', // optional
    passwordField: 'password' // optional
    region: your.region, // optional
    tenantId: your.tenantId // optional
  },
  function(user, done) {
    var user = {
      id: identity.user.id,
      token: identity.token.id,
      username: identity.user.name,
      serviceCatalog: identity.raw.access.serviceCatalog
    };
    return done(null, user);
  }
));

Need to set session expiration to token expiration?

The following example uses passReqToCallback to send the req object to next callback, where session expiration can be configured.

passport.use(new KeystoneStrategy({
    authUrl: your.authUrl, // required
    usernameField: 'username', // optional
    passwordField: 'password' // optional
    region: your.region, // optional
    tenantId: your.tenantId // optional
    passReqToCallback : true // allows us to interact with req object
}, function(req, identity, done) {
  if (!req.user) {
    var user = {
        id: identity.user.id,
        token: identity.token.id,
        username: identity.user.name,
        serviceCatalog: identity.raw.access.serviceCatalog
    };

    // Set session expiration to token expiration
    req.session.cookie.expires = Date.parse(identity.token.expires) - Date.now();

    done(null, user);
  } else {
      // user already exists
      var user = req.user; // pull the user out of the session
      return done(null, user);
  }
}));

Authenticate Requests

Use passport.authenticate(), specifying the 'keystone' strategy, to authenticate requests.

app.post('/login',
  passport.authenticate('keystone', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  }
);

Example form markup

<form action="/login" method="post">
  <label>Username:</label>
  <input type="text" name="username"/><br/>
  <label>Password:</label>
  <input type="password" name="password"/>
  <input type="submit" value="Submit"/>
</form>

Example request via curl

curl -v -d "username=bob&password=secret" http://127.0.0.1:3000/login

Checkout Passportjs.org for more authentication examples.

About

OpenStack Keystone authentication strategy for Passport and Node.js

Resources

Readme

License

MIT license
Activity

Stars

22 stars

Watchers

4 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages