  • Stars: 640
  • Rank 67,704 (Top 2 %)
  • Language: JavaScript
  • License: MIT License
  • Created about 11 years ago
  • Updated about 4 years ago

Repository Details

Remove the OAuth dance with one request.

Guardian

Guardian was created with love by nijikokun and is maintained by Mashape, who also maintain the open-source API Gateway Kong.

Summary

Avoid dealing with OAuth logic in your code, and spend more time creating your product. Guardian reduces the OAuth footprint in your code to a single request.

Built with modularity in mind, Guardian leverages plugins to handle OAuth flows. Should you encounter a flow that Guardian doesn't handle, create a small flow plugin for it and carry on. Guardian comes with 5 pre-made plugins that cover 99% of OAuth services.

Guardian also suits both production and testing. Services like GitHub require you to enter a single callback URL. This is fine in production, but once you move to another environment you run into conflicts and end up building complex services to juggle environment scenarios. Guardian is centralized and easily configurable for multiple environments, giving you the flexibility you need.

Requirements

Install

  1. Install Redis

  2. Globally install Guardian

    $ npm install -g guardian

Usage

$ guardian

Configuration

Configuration files are loaded relative to the current working directory from which you call Guardian. If no configuration argument is passed, ./config/default.js is loaded.

$ guardian -c <relative configuration path>

Options

| Property | Default | Description |
| --- | --- | --- |
| host | localhost:3000 | Public IP or domain name, used to generate the callback URI. |
| protocol | http | Host protocol |
| port | 3000 | Server port |
| workers | require('os').cpus().length | Number of forked instances of the Guardian server to run; the suggested amount is the CPU count. |
| pid.dir | ./ | Output directory for the .guardian.pid file. For production we suggest placing this under the /home/<user>/ directory. Requires a trailing slash. |
| redis.host | 127.0.0.1 | Host Redis can be reached on |
| redis.port | 6379 | Port Redis is currently running on |
| redis.pass | | Redis password |
| redis.expire | 60 | Guardian store expiration timeout in seconds |
| cookie.secret | | Guardian cookie secret |
| session.secret | | Guardian session secret |
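
A startup check over the options above, as an added example (not part of Guardian). It assumes the dotted option names map to nested keys in the configuration object; the 32-character minimum for secrets and the sample values are choices made for this example.

```javascript
// Added example: audit a Guardian-style configuration object before start-up.
// Assumption: dotted names such as redis.pass and pid.dir are nested keys.
const LOOPBACK = ['localhost', '127.0.0.1'];

// "localhost:3000" -> "localhost"
function hostname(hostPort) {
  return String(hostPort).replace(/:\d+$/, '');
}

function auditConfig(cfg) {
  const findings = [];
  const redis = cfg.redis || {};
  const pidDir = (cfg.pid || {}).dir || './';
  const publicHost = hostname(cfg.host || 'localhost:3000');

  // cookie.secret and session.secret have no default, so they must be set.
  for (const key of ['cookie', 'session']) {
    const secret = (cfg[key] || {}).secret;
    if (typeof secret !== 'string' || secret.length < 32) {
      findings.push(key + '.secret: set a random value of at least 32 characters');
    }
  }
  // host and protocol generate the callback URI handed to the OAuth provider.
  if ((cfg.protocol || 'http') === 'http' && !LOOPBACK.includes(publicHost)) {
    findings.push('protocol: callback URIs for a public host should use https');
  }
  // Redis holds the stored client secrets until redis.expire passes.
  if (!LOOPBACK.includes(redis.host || '127.0.0.1') && !redis.pass) {
    findings.push('redis.pass: required when Redis is not on loopback');
  }
  if (!pidDir.endsWith('/')) {
    findings.push('pid.dir: trailing slash required');
  }
  return findings;
}

// Constructed sample configurations for illustration.
const weak = { host: 'auth.example.com', protocol: 'http',
  pid: { dir: '/home/guardian' }, redis: { host: '10.0.0.5' } };
const hardened = { host: 'auth.example.com', protocol: 'https',
  pid: { dir: '/home/guardian/' },
  redis: { host: '10.0.0.5', pass: 'r'.repeat(40) },
  cookie: { secret: 'c'.repeat(48) }, session: { secret: 's'.repeat(48) } };

console.log(auditConfig(weak));
console.log(auditConfig(hardened));
```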

Routes

Guardian HTTP API for handling authentication flows.

Storage

POST /store

Stores the information given and returns a session hash to be used later on. Stored information lives for 60 seconds by default; change redis.expire to alter the timeout duration.

Parameters

OAuth 2

Details specific to OAuth2

| Key | Default | Description |
| --- | --- | --- |
| client_id | | OAuth Client Identifier |
| client_secret | | OAuth Client Secret |
| grant_type | | Common values (dependent on OAuth flow used): authorization_code, client_credentials, password, refresh_token, ... |
| access_name | access_token | Access token name |
| authorize_method | Bearer | Optional; Authorization header method, some possible values: Bearer, OAuth, Digest |
| state | | State identifier, depends on provider |
| scope | | OAuth request scopes, depends on provider |

OAuth 1

Details specific to OAuth 1.0a

| Key | Default | Description |
| --- | --- | --- |
| consumer_key | | OAuth Consumer Identifier |
| consumer_secret | | OAuth Consumer Secret |
| signature_method | HMAC-SHA1 | OAuth header signature method, possible values: PLAINTEXT, HMAC-SHA1, RSA-SHA1 |
| oauth_token | | Optional; OAuth Token. Used in OAuth 1.0a 1-Legged (Resource request) |

Plugin (required)

Parameters combined to create the plugin file name.

| Key | Default | Description |
| --- | --- | --- |
| auth_type | oauth | Authentication type, a-z characters accepted only. |
| auth_flow | | Optional; Authentication flow, would be echo, owner_resources, etc... a-z characters accepted only. |
| auth_version | | Optional; Authentication version, for OAuth 2, we would use 2, numeric only. |
| auth_leg | | Optional; Authentication leg, for OAuth 2 (3-legged), we would use 3, numeric only. |

For example, plugins/oauth_2_3-legged.js (OAuth 2, 3-legged), would look like:

{
  ...
  auth_type: 'oauth',
  auth_version: 2,
  auth_leg: 3,
  ...
}
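
Because these request fields are combined into a file name, the character rules in the table are what keep the lookup inside the plugin directory. The check below is an added example, not Guardian's source; the name layout is inferred from the one documented sample (plugins/oauth_2_3-legged.js), and the position of auth_flow and the acceptance of "_" in it (as in owner_resources) are assumptions.

```javascript
// Added example: validate the plugin fields before building the file name.
// Assumed layout: <type>[_<version>][_<leg>-legged][_<flow>].js
const LETTERS = /^[a-z]+$/;   // auth_type: a-z only
const FLOW = /^[a-z_]+$/;     // auth_flow: a-z, plus "_" as in owner_resources
const DIGITS = /^[0-9]+$/;    // auth_version, auth_leg: numeric only

// Accept only primitive strings or non-negative integers. Arrays and objects
// produced by a JSON or form body parser are rejected rather than coerced.
function field(value, pattern, name) {
  if (typeof value === 'number' && Number.isSafeInteger(value) && value >= 0) {
    value = String(value);
  }
  if (typeof value !== 'string' || value.length > 32 || !pattern.test(value)) {
    throw new TypeError('invalid ' + name);
  }
  return value;
}

function pluginFile(params) {
  const type = params.auth_type === undefined
    ? 'oauth' // documented default
    : field(params.auth_type, LETTERS, 'auth_type');
  const parts = [type];
  if (params.auth_version !== undefined) {
    parts.push(field(params.auth_version, DIGITS, 'auth_version'));
  }
  if (params.auth_leg !== undefined) {
    parts.push(field(params.auth_leg, DIGITS, 'auth_leg') + '-legged');
  }
  if (params.auth_flow !== undefined) {
    parts.push(field(params.auth_flow, FLOW, 'auth_flow'));
  }
  // Every part is restricted to [a-z0-9_-], so no separator or dot can appear.
  return 'plugins/' + parts.join('_') + '.js';
}

// Non-throwing wrapper: null means the request should be refused.
function tryPluginFile(params) {
  try { return pluginFile(params); } catch (e) { return null; }
}

console.log(pluginFile({ auth_type: 'oauth', auth_version: 2, auth_leg: 3 }));
console.log(tryPluginFile({ auth_type: ['oauth'], auth_version: 2 }));
```
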
General

| Key | Description |
| --- | --- |
| request_url | Authentication Request URL, e.g. https://github.com/login/oauth/request_url |
| access_url | Authentication Access URL, e.g. https://github.com/login/oauth/access_token |
| authorize_url | Authentication Authorization URL, e.g. https://github.com/login/oauth/authorize |
| callback | Authentication Callback URL on requesting server to obtain access_token and access_secret, e.g. http://localhost:3001/callback |

Example

Request:

> POST https://<guardian-host>/store

{
  client_id: 'Client Identifier',
  client_secret: 'Client Secret',
  access_name: 'access_token',
  authorize_url: 'https://github.com/login/oauth/authorize',
  access_url: 'https://github.com/login/oauth/access_token',
  request_url: 'https://github.com/login/oauth/request_url',
  auth_type: "oauth",
  auth_version: 2,
  auth_leg: 3,
  callback: "http://localhost:3001/callback"
}

Response:

< 200 OK
< Header: Content-Type=application/json

{
  hash: '<guardian session hash>',
  url: 'https://<guardian-host>/start?hash=<guardian session hash>'
}

Hash Check

GET /hash-check

Allows you to preview or verify your stored information in case of an error or a malformed response.

Once again, stored information by default lasts only 10 seconds.

Parameters

| Key | Description |
| --- | --- |
| hash | Guardian session hash obtained from Storage |

Start

GET /start?hash=<guardian store hash>

Redirecting the client to this route starts the Guardian authentication steps. Each step is done with a 302 response code and should be followed.

Parameters

| Key | Description |
| --- | --- |
| hash | Guardian session hash obtained from Storage |

OAuth 1.0a

Used in the OAuth 1.0a Signature Process for 1-Legged requests. Example.

| Key | Description |
| --- | --- |
| url | Request URL, query parameters will be parsed from here as well as parameters property. |
| method | Request Method. |
| body | Request Payload / Body. |
| parameters | Request Parameters for Request Signatures or etc... |

Tests & Examples

Each test in the test folder is based on an API or feature of Guardian rather than being a TDD- or BDD-style test: we verify that authentication succeeds and that we can retrieve information from the API while authenticated, using the tokens Guardian provides.

In this manner the tests also serve as very good examples of how to use Guardian.

To run one of these tests you'll need to have keys ready and run the following command:

$ node tests/<provider name>.js \
  -k {Your Consumer/Client Key/Id} \
  -s {Your Consumer/Client Secret} \
  -h {host, ie: localhost or domain}

Then visit the server running on port 3001 to start the authentication process.

License

MIT

