• This repository has been archived on 03/Mar/2023
  • Stars
    star
    401
  • Rank 107,625 (Top 3 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created about 13 years ago
  • Updated over 9 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A zero-dependency mutli-service authentication tool for node.js

authom

authom is an authentication library for node.js. It unifies authentication APIs for multiple services into a single EventEmitter, and works with both the built-in node.js HTTP module and as an Express/Connect app.

authom was designed to solve one problem and solve it well. It has an intuitive node.js-like API, no required dependencies, and doesn't force any particular persistence, session, or middleware approaches on you.

Example

For the built-in node.js HTTP module:

// Like socket.io, authom will intercept requests
// for you to help keep your routes clean.

var server = require("http").createServer()
  , authom = require("authom")

server.on("request", function() {
  // your usual server logic
})

// create servers for the services you'll be using
authom.createServer({ /* facebook credentials */ })
authom.createServer({ /* github credentials */ })
authom.createServer({ /* google credentials */ })
authom.createServer({ /* twitter credentials */ })
// ... et cetera

authom.on("auth", function(req, res, data) {
  // called when a user is authenticated on any service
})

authom.on("error", function(req, res, data) {
  // called when an error occurs during authentication
})

authom.listen(server)
server.listen(8000)

For Express/Connect:

var express = require("express")
  , app = express()
  , authom = require("authom")

// create servers for the services you'll be using
authom.createServer({ /* facebook credentials */ })
authom.createServer({ /* github credentials */ })
authom.createServer({ /* google credentials */ })
authom.createServer({ /* twitter credentials */ })
// ... et cetera

authom.on("auth", function(req, res, data) {
  // called when a user is authenticated on any service
})

authom.on("error", function(req, res, data) {
  // called when an error occurs during authentication
})

app.get("/auth/:service", authom.app)

app.listen(8000)

Supported services

37signals (by nodebiscut)

Bitbucket (by aslakhellesoy)

Dropbox (by cartuchogl)

Dwolla (by nodebiscut)

Facebook (by jed)

Fitbit (by pspeter3)

Foodspotting (by kimtaro)

Foursquare (by nodebiscut)

GitHub (by jed)

Google (by jed)

Gowalla (by jed)

Instagram (by jed)

LinkedIn (by shinecita)

Meetup (by softprops)

Reddit (by avidw)

SoundCloud (by jed)

Stripe Connect (by recipher)

Trello (by falexandrou)

Twitter (by jed)

Vkontakte (by molforp)

Windows Live (by jed)

Ninja Blocks (by thatguydan)

Installation and Setup

To install, enter:

$ npm install authom

To see the demo, enter:

$ npm start authom

And then head to http://authom.jedschmidt.com (which resolves to your local machine at 127.0.0.1). sudo is needed to bind to port 80, as many providers do not allow callback URLs with a port or localhost as the host.

FAQ

How can I add my own service?

See Extending authom below.

Why not just use everyauth/passport? How is authom different?

authom aims to solve a smaller problem, more agnostically. It trades convenience for simplicity and flexibility. Here are some key differences:

  • authom was built for node, and can also work with Express, while everyauth is tied to Express and Connect. everyauth aims for a much more ambitious integration, but at the expense of locking you into a particular stack. authom takes a more UNIX approach; since it doesn't handle logins, persistence, sessions, or anything past authentication, it is more of a tool and less of a framework.

  • authom uses native node.js conventions such as EventEmitters and objects, while everyauth uses promises and a chaining config API. This is of course subjective, but the authom API aims to be closer to the APIs of node.js itself.

API

authom.createServer(options, [function(req, res){}])

Creates an EventEmitter for the given authentication service. The service is specified by the service key of the options object, with all other keys differing based on the service. For example, github would be called like this:

var github = authom.createServer({
  service: "github",
  id: "7e38d12b740a339b2d31",
  secret: "116e41bd4cd160b7fae2fe8cc79c136a884928c3",
  scope: ["gist"]
})

An optional name member can also be passed to override that used for authom path matching. So if you had two GitHub apps, you could set them as name: github1 and name: github2, so that they could be accessed as /auth/github1 and /auth/github2.

You can listen for auth and error events by:

  • listening to a specific service for service-specific events, or
  • listening to authom for all service events

For example, use this to listen for events from GitHub, based on the code above:

github.on("auth", function(req, res, gitHubSpecificData){})
github.on("error", function(req, res, gitHubSpecificData){})

Or, use this to listen to events from all provders, since authom already listens and namespaces them for you:

authom.on("auth", function(req, res, data){})
authom.on("error", function(req, res, data){})

authom.on("auth", function(req, res, data){})

Listens for successful authentications across all services. The listener is called with the original request/response objects as well as a service-specific user object, which contains the following keys:

  • token: the token resulting from authentication
  • refresh_token: the refresh_token resulting from authentication, if implemented by auth service, otherwise undefined
  • id: the ID of the user on the remote service
  • data: the original data returned from the service, and
  • service: the name of the service, given so that you can branch your code:
authom.on("auth", function(req, res, data) {
  switch(data.service) {
    case "github": ...
    case "google": ...
    .
    .
    .
  }
})

authom.on("error", function(req, res, data){})

Listens for failed authentications across all services. Like the auth event, the listener is called with the original request/response objects as well as an error object, allowing you to provide your own session scheme.

authom.listen(server)

Listens to an existing HTTP(S) server for request events. Like socket.io's .listen method, authom will intercept any request whose path starts with /auth.

authom.listener

A standard node.js listener. This can be used for more control over the path at which authom is used. For example, the following two are equivalent:

// socket.io-style
var server = require("http").createServer()
  , authom = require("authom")

server.on("request", function() {
  /* your usual server logic */
})

authom.listen(server)
server.listen(8000)
// route-style
var server = require("http").createServer()
  , authom = require("authom")

server.on("request", function(req, res) {
  if (req.url.slice(5) == "/auth") authom.listener(req, res)

  else {
	/* your usual server logic */
  }
})

server.listen(8000)

authom.registerService(serviceName, Service)

Authom-compliant services can be registered using this method. This is useful for adding custom authentication services not suited to be part of the /lib core services. (For example a business-specific in-house authentication service.) Custom services will override existing services of the same name.

var authom = require("authom")
  , EventEmitter = require("events").EventEmitter

//Custom authentication service
var IpAuth = function(options) {
  var server = new EventEmitter
  var whiteList = options.whiteList || ["127.0.0.1", "::1"]

  server.on("request", function(req, res) {
    if (~whiteList.indexOf(req.connection.remoteAddress)) {
      server.emit("auth", req, res, {status: "yay"})
    }
    else {
      server.emit("error", req, res, {status: "boo"})
    }
  })

  return server
}

authom.registerService("ip-auth", IpAuth)

auth.createServer({
  service: "ip-auth",
  whiteList : ["127.0.0.1", "::1", "192.168.0.1"]
})

authom.route

A regular expression that is run on the pathname of every request. authom will only run if this expression is matched. By default, it is /^\/auth\/([^\/]+)\/?$/.

authom.app

This is a convenience Express app, which should be mounted at a path containing a :service parameter.

Providers

37signals (create an app)

Options:

  • service: "37signals"
  • id: the application's Client ID
  • secret: the application's Client secret

Example:

var signals = authom.createServer({
  service: "37signals",
  id: "c2098292571a03070eb12746353997fb8d6f0e00",
  secret: "4cb7f46fa83f73ec99d37162b946522b9e7a4d5a"
})

Dropbox (create an app)

Options:

  • service: "dropbox"
  • id: the application's App key
  • secret: the application's App secret
  • info: specify true if you want to get the user info (a little slower - one extra request)

Example:

var dropbox = authom.createServer({
  service: "dropbox",
  id: "zuuteb2w7i82mdg",
  secret: "rj503lgqodxzvbp"
  info: true
})

Dwolla Live (create an app)

Options:

  • service: "dwolla"
  • id: the application's Client ID
  • secret: the application's Client secret
  • scope: the scope requested.

Example:

var dwolla = authom.createServer({
  service: "dwolla",
  id: "0vNUP/9/GSBXEv69nqKZVfhSZbw8XQdnDiatyXSTM7vW1WzAAU",
  secret: "KI2tdLiRZ813aclUxTgUVyDbxysoJQzPBjHTJ111nHMNdAVlcs",
  scope: "AccountInfoFull"
})

Facebook (create an app)

Options:

  • service: "facebook"
  • id: the application's App ID
  • secret: the application's App secret
  • scope (optional): the scopes requested by your application
  • fields (optional): the fields passed onto /users/me Example:
var facebook = authom.createServer({
  service: "facebook",
  id: "256546891060909",
  secret: "e002572fb07423fa66fc38c25c9f49ad",
  scope: [],
  fields: ["name", "picture"]
})

Fitbit (request api key)

Options:

  • service: "fitbit"
  • id: the application's Client ID
  • secret: the application's Client secret

Example:

var fitbit = authom.createServer({
  service: "fitbit",
  id: "45987d27b0e14780bb1a6f1769e679dd",
  secret: "3d403aaeb5b84bc49e98ef8b946a19d5"
})

Foodspotting (request api key)

Options:

  • service: "foodspotting"
  • id: the application's Client ID
  • secret: the application's Client secret

Example:

var foodspotting = authom.createServer({
  service: "foodspotting",
  id: "<api key>",
  secret: "<api secret>"
})

Foursquare (create an app)

Options:

  • service: "foursquare"
  • id: the application's CLIENT ID
  • secret: the application's CLIENT SECRET

Example:

var foursquare = authom.createServer({
  service: "foursquare",
  id: "0DPGLE430Y2LFUCOSFXB0ACG3GGD5DNHH5335FLT4US1QDAZ",
  secret: "WLNCAVFHCMQGVYOZTNOLPXW0XL2KN0DRD1APOA45SRGEZSGK"
})

GitHub (create an app)

Full Docs

Options:

  • service: "github"
  • id: the application's Client ID
  • secret: the application's Secret
  • redirect_uri (optional): Alternative redirect url.
  • scope (optional): the scopes requested by your application, as explained here.
  • state (optional): Unguessable random string.
  • url (optional): URL to github. Specify this to use with GitHub Enterprise.

Example:

var github = authom.createServer({
  service: "github",
  id: "7e38d12b740a339b2d31",
  secret: "116e41bd4cd160b7fae2fe8cc79c136a884928c3",
  scope: "gist"
})

Make sure that the callback URL used by your application has the same hostname and port as that specified for your application. If they are different, you will get redirect_uri_mismatch errors.

Bitbucket (Go to https://bitbucket.org/account/user/YOURACCOUNT/api to create an app)

Options:

  • service: "bitbucket"
  • id: the application's Key
  • secret: the application's Secret
  • emails: specify true if you want to get the user's emails (a little slower - one extra request)

Example:

var bitbucket = authom.createServer({
  service: "bitbucket",
  id: "Fs7WNJSqgUSL8zBAZD",
  secret: "yNTv52kS7DWSztpLgbLWKD2AaNxGq2mB",
  emails: true
})

Google (create an app)

Options:

  • service: "google"
  • id: the application's Client ID
  • secret: the application's Client secret
  • scope (optional): the scopes requested by your application

Example:

var google = authom.createServer({
  service: "google",
  id: "515913292583.apps.googleusercontent.com",
  secret: "UAjUGd_MD9Bkho-kazmJ5Icm",
  scope: ""
})

Gowalla (create an app)

Options:

  • service: "gowalla"
  • id: the application's API key
  • secret: the application's Secret key

Example:

var gowalla = authom.createServer({
  service: "gowalla",
  id: "b8514b75c2674916b77c9a913783b9c2",
  secret: "34f713fdd6b4488982328487f443bd6d"
})

Make sure that the callback URL used by your application is identical to that specified for your application. With the default settings, you'll need a redirect URI of http://<your-host>/auth/google.

Instagram (create an app)

Options:

  • service: "instagram"
  • id: the application's CLIENT ID
  • secret: the application's CLIENT SECRET
  • scope (optional): the scopes requested by your application

Example:

var instagram = authom.createServer({
  service: "instagram",
  id: "e55497d0ebc24289aba4e715f1ab7d2a",
  secret: "a0e7064bfda64e57a46dcdba48378776"
})

Reddit (create an app)

Options:

  • service: "reddit"
  • id: the application's CLIENT ID
  • secret: the application's CLIENT SECRET
  • state: Unguessable random string.
  • scope (optional): the scopes requested by your application

Example:

var reddit = authom.createServer({
  service: "reddit",
  id: "hG5c04ZOk0UngQ",
  secret: "mdJoGP4ayA9M7NdBiKxZUyewz7M",
  state: "unguessable-random-string",
  scope: "identity"
})

SoundCloud (create an app)

Options:

  • service: "soundcloud"
  • id: the application's Client ID
  • secret: the application's Client Secret

Example:

var soundcloud = authom.createServer({
  service: "soundcloud",
  id: "9e5e7b0a891b4a2b13aeae9e5b0c89bb",
  secret: "2f4df63c8ff10f466685c305e87eba6f"
})

Trello (create an app)

Options:

  • service: "trello"
  • id: the application's Consumer key
  • secret: the application's Consumer secret
  • app_name: the application's name
  • expiration: optional - when the token expires (examples: never, 30days, 1day). Default is 30days
  • scope: optional - by default the scope is set to read. Example: read,write

Example:

var trello = authom.createServer({
  service: "trello",
  id: "LwjCfHAugMghuYtHLS9Ugw",
  secret: "etam3XHqDSDPceyHti6tRQGoywiISY0vZWfzhQUxGL4",
  app_name: "Coolest app in the world",
  expiration: "never",
  scope: "read,write",
})

Twitter (create an app)

Options:

  • service: "twitter"
  • id: the application's Consumer key
  • secret: the application's Consumer secret

Example:

var twitter = authom.createServer({
  service: "twitter",
  id: "LwjCfHAugMghuYtHLS9Ugw",
  secret: "etam3XHqDSDPceyHti6tRQGoywiISY0vZWfzhQUxGL4"
})

Notes: Since Twitter is still (!) using the old OAuth1.0a protocol, it requires @ciaranj's node-oauth library to be installed.

Vkontakte (create an app)

Options:

  • service: "vkontakte"
  • id: the application's App ID
  • secret: the application's App secret
  • scope (optional): the scopes requested by your application
  • fields (optional): the fields passed onto /method/users.get

Example:

var vkontakte = authom.createServer({
  service: "vkontakte",
  id: "3793488",
  secret: "jZnIeU4nnQfqM5mfjkK0",
  scope: [],
  fields: ["screen_name", "sex", "photo"]
})

Windows Live (create an app)

Options:

  • service: "windowslive"
  • id: the application's Client ID
  • secret: the application's Client secret
  • scope: the scope requested.

Example:

var windowslive = authom.createServer({
  service: "windowslive",
  id: "000000004C06BA3A",
  secret: "2RsIhweMq6PxR8jc5CjTVoCqTvKZmctY",
  scope: "wl.basic"
})

LinkedIn (create an app)

Options:

  • service: "linkedin"
  • id: the application's Api key
  • secret: the application's Secret key
  • scopes: Optional. An array with the scopes, fe: ["r_fullprofile", "r_emailaddress"]. Default: r_fullprofile
  • fields: Optional. Comma separated (no spaces) String with the linkedIn fields to include in the query, fe: "first-name,last-name,picture-url,industry,summary,specialties,skills,projects,headline,site-standard-profile-request"
  • format: Optional. Format of the response, default "json".

Example:

var linkedin = authom.createServer({
  service: "linkedin",
  id: "AsjCfHAugMghuYtHLS9Xzy",
  secret: "arom3XHqDSDPceyHti6tRQGoywiISY0vZWfzhQUxXZ5"
})

Extending authom

To add an authentication service provider, add a javascript file for the service at the path /lib/services/<service-name>.js. This file should module.exports a constructor that returns an EventEmitter that listens for request events, and emits auth and error events to itself.

var EventEmitter = require("events").EventEmitter

module.exports = function(options) {
  var server = new EventEmitter

  server.on("request", function(req, res) {
    // respond to the request, redirecting the user as needed

    if (successful) {
      // pass an object containing the service's user data
      server.emit("auth", req, res, obj)
    }

    else {
      // pass an object containing an error message
      server.emit("error", req, res, obj)
    }
  })

  return server
}

To make sure that your code can recieve subsequent HTTP(S) calls from the service, use the inbound req.url as the callback URL, using the querystring to disambiguate different stages of the authentication process. See /lib/services/github.js for an example implementation.

Once you're done, and have written tests, make sure you open a pull request so that the rest of us can benefit!

License

Copyright (c) 2012 Jed Schmidt, http://jed.is/

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

More Repositories

1

140bytes

Once a tweet-sized, fork-to-play, community-curated collection of JavaScript.
HTML
1,031
star
2

lave

eval in reverse: stringifying all the stuff that JSON.stringify won't
JavaScript
896
star
3

fab

a modular async web framework for node.js
JavaScript
732
star
4

browserver-client

เทด A node.js HTTP server in your browser เทด
JavaScript
638
star
5

browserver-node

เทด Browserver proxy for node.js เทด
JavaScript
333
star
6

domo

Markup, style, and code in one language.
JavaScript
308
star
7

certbot-route53

Helping create Let's Encrypt certificates for AWS Route53
Shell
175
star
8

kibi

a client-side web framework in 1,024 bytes
JavaScript
144
star
9

dynamo

DynamoDB client for node.js
JavaScript
141
star
10

building-brooklynjs

My story of how we built BrooklynJS.
136
star
11

rndr.me

an HTTP server that uses PhantomJS to render HTML
JavaScript
133
star
12

weenote

A quick/dirty/tiny tool for creating simple Takahashi-style presentations.
HTML
119
star
13

hyperspider

A declarative HATEOAS API crawler for node.js
JavaScript
114
star
14

sheet-down

A Google Spreadsheet implementation of leveldown
JavaScript
108
star
15

cookie-node

signed cookie functionality for node.js
JavaScript
82
star
16

config-leaf

Hide your sensitive node.js bits in plain sight.
JavaScript
53
star
17

sajak

Simple Authenticated JSON API Kit
JavaScript
33
star
18

dynamo-down

A leveldown API implementation on AWS DynamoDB
JavaScript
31
star
19

localhose

Hose your hosts file for easier local web development
JavaScript
29
star
20

browserver.org

The code for the browserver.org web site.
CoffeeScript
29
star
21

emit

A reactive toolkit for JavaScript
JavaScript
29
star
22

dynamo-client

A low-level client for accessing DynamoDB from node.js
JavaScript
28
star
23

osx-browser-vm

Evaluate JavaScript in local OS X browsers
JavaScript
28
star
24

dynamo-streams

A stream-flavored wrapper for the AWS DynamoDB JavaScript API
JavaScript
25
star
25

wc-jsx-runtime

A JSX transform for Web Components
JavaScript
23
star
26

tmpl-node

a template module for node.js
JavaScript
20
star
27

esbuild-plugin-http-fetch

An esbuild plugin that resolves http(s) modules
JavaScript
19
star
28

skeyma

A JavaScript parser & serializer for {key, value} objects & streams
JavaScript
18
star
29

browserver-router

A platform-agnostic router for HTTP listeners that follow the node.js spec
JavaScript
18
star
30

cfn-api-gateway-custom-domain

API Gateway custom domains as CloudFormation resources, backed by Let's Encrypt
JavaScript
18
star
31

alReady.js

a terse, embeddable, and cross-browser domReady implementation
JavaScript
17
star
32

electric-objects

A node.js API for the Electric Objects EO1 frame
JavaScript
17
star
33

monot

Unique JavaScript dates
JavaScript
15
star
34

google-worksheet-stream

A streaming interface for Google Spreadsheets
JavaScript
14
star
35

dinkumise

Keep ya JavaScripts Dinki-di!
11
star
36

pbsb

getters/setters and pub/sub in one tiny javascript function
JavaScript
11
star
37

twil-eo

Using Twilio, AWS, and Electric Objects to create an MMS-powered family photo frame.
JavaScript
10
star
38

textpanda

web-based text shortcuts for the lazy
JavaScript
8
star
39

diff-stream2

Merges multiple sorted streams into a diffed tuple stream
JavaScript
7
star
40

namedrop

minification for DOM-heavy code
JavaScript
7
star
41

eartag

Tag browsers like farmers tag livestock
JavaScript
7
star
42

autorequire

small module for autorequiring. warning: MAGIC!
JavaScript
6
star
43

sort-stream2

Array.prototype.sort for streams
JavaScript
6
star
44

dynamo-sync

Differential data synchronization for Amazon's DynamoDB
6
star
45

google-oauth-jwt-stream

A readable stream of OAuth access tokens for use with Google APIs
JavaScript
6
star
46

dom-jsx-runtime

A tiny library that turns JSX into DOM operations
JavaScript
6
star
47

node-lacrosse

A node.js streaming API for Lacrosse Alert sensors
JavaScript
6
star
48

abstract-stream-leveldown

A stream-based abstract prototype matching the LevelDOWN API
JavaScript
5
star
49

gist-in-time

a stylesheet for displaying github gist metadata on hover
5
star
50

typd.in

a web-based input method editor for japanese
JavaScript
4
star
51

esbuild-plugin-eval

An esbuild plugin that evaluates a module before importing it
JavaScript
4
star
52

one-character-identifiers

every javascript identifier that fits in a character
JavaScript
4
star
53

jed.is

personal web site
3
star
54

domogenize

Turn static HTML and CSS into declarative JavaScript
JavaScript
3
star
55

ramendan

CoffeeScript
3
star
56

census-topologies

Topologies from the U.S. Census Bureau
Shell
3
star
57

20x20

a simple pecha kucha timer optimized for my iPhone
JavaScript
3
star
58

utfn

a test of the utf-n encoding
3
star
59

esbuild-plugin-bundle

An esbuild plugin that bundles modules before importing them
JavaScript
2
star
60

deno_bundle

A temporary workaround to support bundling with sourcemaps in Deno
JavaScript
2
star
61

ordered-kv-tuple-stream

Aligns multiple ordered k/v readable streams into one
JavaScript
2
star
62

tuple-stream2

Aligns multiple readable object streams into one stream
JavaScript
2
star
63

esbuild-plugin-deno-http

An esbuild plugin that uses Deno to resolve and cache HTTP modules
JavaScript
2
star
64

esbuild-plugin-env

An esbuild plugin that exports the current environment as a module
JavaScript
2
star
65

deno-file-system-access-api

File System Access API for Deno
JavaScript
1
star
66

level-sync

One-way sync for levelup data stores
JavaScript
1
star
67

abevigoda

Abe Vigoda as a Service
JavaScript
1
star
68

esbuild-plugin-view-source

An esbuild plugin that enables built modules to be imported as source
JavaScript
1
star