  • Stars: 640
  • Rank 70,324 (Top 2 %)
  • Language: JavaScript
  • License: MIT License
  • Created over 11 years ago
  • Updated almost 5 years ago

Repository Details

Remove the OAuth dance with one request.

Guardian

Guardian was created with love by nijikokun and is maintained by Mashape, who also maintain the open-source API Gateway Kong.

Summary

Avoid dealing with OAuth logic in your code, and spend more time creating your product. Guardian reduces the OAuth footprint in your code to a single request.

Built with modularity in mind, Guardian leverages plugins to handle OAuth flows. Should you encounter a flow that Guardian doesn't handle, create a small flow plugin to do so and carry on. Guardian comes with 5 pre-made plugins that cover 99% of OAuth services.

Guardian also suits both production and testing. Services like GitHub require you to enter a single callback URL. This is fine in production, but move to another environment and you will soon have conflicts, and you end up building complex services to juggle environment scenarios. Guardian is centralized and easily configurable for multiple environments, giving you the flexibility you need.

Requirements

Install

  1. Install Redis

  2. Globally install Guardian

    $ npm install -g guardian

Usage

$ guardian

Configuration

Configuration files are loaded relative to the current working directory from which you call Guardian. If no configuration argument is passed, ./config/default.js is loaded.

$ guardian -c <relative configuration path>

Options

| Property | Default | Description |
| --- | --- | --- |
| host | localhost:3000 | Public IP or domain name, used to generate the callback URI. |
| protocol | http | Host protocol |
| port | 3000 | Server port |
| workers | require('os').cpus().length | Number of forked instances of the Guardian server to run; the suggested amount is the CPU count. |
| pid.dir | ./ | Output directory for the .guardian.pid file. For production we suggest placing this under the /home/<user>/ directory. Requires a trailing slash. |
| redis.host | 127.0.0.1 | Host Redis can be reached on |
| redis.port | 6379 | Port Redis is currently running on |
| redis.pass | | Redis password |
| redis.expire | 60 | Guardian store expiration timeout in seconds |
| cookie.secret | | Guardian cookie secret |
| session.secret | | Guardian session secret |

Routes

Guardian HTTP API for handling authentication flows.

Storage

POST /store

Stores information given, returns a session hash to be used later on. Information stored lives for 60 seconds by default, change redis.expire to alter timeout duration.

Parameters

OAuth 2

Details specific to OAuth2

| Key | Default | Description |
| --- | --- | --- |
| client_id | | OAuth Client Identifier |
| client_secret | | OAuth Client Secret |
| grant_type | | Common values (dependent on the OAuth flow used): authorization_code, client_credentials, password, refresh_token, ... |
| access_name | access_token | Access token name |
| authorize_method | Bearer | Optional; Authorization header method, some possible values: Bearer, OAuth, Digest |
| state | | State identifier, depends on provider |
| scope | | OAuth request scopes, depends on provider |

OAuth 1

Details specific to OAuth 1.0a

| Key | Default | Description |
| --- | --- | --- |
| consumer_key | | OAuth Consumer Identifier |
| consumer_secret | | OAuth Consumer Secret |
| signature_method | HMAC-SHA1 | OAuth header signature method, possible values: PLAINTEXT, HMAC-SHA1, RSA-SHA1 |
| oauth_token | | Optional; OAuth Token. Used in OAuth 1.0a 1-Legged (Resource request) |

Plugin (required)

Parameters combined to create the plugin file name.

| Key | Default | Description |
| --- | --- | --- |
| auth_type | oauth | Authentication type, a-z characters accepted only. |
| auth_flow | | Optional; Authentication flow, would be echo, owner_resources, etc... a-z characters accepted only. |
| auth_version | | Optional; Authentication version, for OAuth 2, we would use 2, numeric only. |
| auth_leg | | Optional; Authentication leg, for OAuth 2 (3-legged), we would use 3, numeric only. |

For example, plugins/oauth_2_3-legged.js (OAuth 2, 3-legged), would look like:

{
  ...
  auth_type: 'oauth',
  auth_version: 2,
  auth_leg: 3
  ...
}

General

| Key | Description |
| --- | --- |
| request_url | Authentication Request Url, e.g. https://github.com/login/oauth/request_url |
| access_url | Authentication Access Url, e.g. https://github.com/login/oauth/access_token |
| authorize_url | Authentication Authorization Url, e.g. https://github.com/login/oauth/authorize |
| callback | Authentication Callback URL on requesting server to obtain access_token and access_secret, e.g. http://localhost:3001/callback |

Example

Request:

> POST https://<guardian-host>/store

{
  client_id: 'Client Identifier',
  client_secret: 'Client Secret',
  access_name: 'access_token',
  authorize_url: 'https://github.com/login/oauth/authorize',
  access_url: 'https://github.com/login/oauth/access_token',
  request_url: 'https://github.com/login/oauth/request_url',
  auth_type: "oauth",
  auth_version: 2,
  auth_leg: 3,
  callback: "http://localhost:3001/callback"
}

Response:

< 200 OK
< Header: Content-Type=application/json

{
  hash: '<guardian session hash>',
  url: 'https://<guardian-host>/start?hash=<guardian session hash>'
}
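
The plugin parameters in a /store body are combined into a plugin file name, and the body also carries the client secret and provider URLs, so it is worth checking before it is sent. The following is an added example, not code from Guardian: `checkStorePayload` and `pluginFileName` are hypothetical helper names, the https requirement is an added hardening assumption rather than a Guardian rule, and the file-name helper covers only the shape shown above.

```javascript
// Added example (not Guardian's code): pre-flight checks for a POST /store body.
// The plugin fields end up in a file name, so enforce their character classes first.
const FIELD_RULES = {
  auth_type: /^[a-z]+$/,     // README: a-z only
  auth_flow: /^[a-z_]+$/,    // README says a-z; its sample "owner_resources" has "_" (assumption)
  auth_version: /^[0-9]+$/,  // README: numeric only
  auth_leg: /^[0-9]+$/,      // README: numeric only
};
const URL_FIELDS = ['request_url', 'access_url', 'authorize_url', 'callback'];
const LOOPBACK = new Set(['localhost', '127.0.0.1']);

function checkStorePayload(payload) {
  const problems = [];
  for (const [key, rule] of Object.entries(FIELD_RULES)) {
    const value = payload[key];
    if (value !== undefined && !rule.test(String(value))) {
      problems.push(`${key} does not match ${rule.source}`);
    }
  }
  for (const key of URL_FIELDS) {
    if (payload[key] === undefined) continue;
    let url;
    try {
      url = new URL(payload[key]);
    } catch (err) {
      problems.push(`${key} is not a valid URL`);
      continue;
    }
    // Assumption: plain http is tolerated only for a loopback callback, as in the README sample.
    const loopbackCallback = key === 'callback' && LOOPBACK.has(url.hostname);
    if (url.protocol !== 'https:' && !loopbackCallback) problems.push(`${key} must use https`);
  }
  return problems;
}

// Covers only the file-name shape the README shows: <type>_<version>_<leg>-legged.js
function pluginFileName(payload) {
  const problems = checkStorePayload(payload);
  if (payload.auth_version === undefined || payload.auth_leg === undefined) {
    problems.push('auth_version and auth_leg are needed for this file-name shape');
  }
  if (problems.length) throw new Error(problems.join('; '));
  return `plugins/${payload.auth_type || 'oauth'}_${payload.auth_version}_${payload.auth_leg}-legged.js`;
}

// Constructed sample mirroring the README's GitHub request (secrets omitted).
const sample = { auth_type: 'oauth', auth_version: 2, auth_leg: 3,
  authorize_url: 'https://github.com/login/oauth/authorize',
  access_url: 'https://github.com/login/oauth/access_token',
  callback: 'http://localhost:3001/callback' };
```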

Hash Check

GET /hash-check

Allows you to preview and verify your stored information in case of an error or a malformed response.

Once again, stored information by default lasts only 10 seconds.

Parameters

| Key | Description |
| --- | --- |
| hash | Guardian session hash obtained from Storage |

Start

GET /start?hash=<guardian store hash>

Redirecting the client to this route starts the Guardian authentication steps. Each step is done with a 302 response code and should be followed.

Parameters

| Key | Description |
| --- | --- |
| hash | Guardian session hash obtained from Storage |

OAuth 1.0a

Used in the OAuth 1.0a Signature Process for 1-Legged requests. Example.

| Key | Description |
| --- | --- |
| url | Request URL, query parameters will be parsed from here as well as parameters property. |
| method | Request Method. |
| body | Request Payload / Body. |
| parameters | Request Parameters for Request Signatures or etc... |

Tests & Examples

Each test in the test folder is based on an API or feature of Guardian rather than being a TDD- or BDD-style test. We verify that authentication succeeds and that we can retrieve information from the API while authenticated, using the tokens Guardian provides.

In this manner the tests also serve as very good examples of how to use Guardian.

To run one of these tests you'll need to have keys ready and run the following command:

$ node tests/<provider name>.js \
  -k {Your Consumer/Client Key/Id} \
  -s {Your Consumer/Client Secret} \
  -h {host, ie: localhost or domain}

Then visit the server running on port 3001 to start the authentication process.

License

MIT

