Usage
You just need to declare the `nodeboot-oauth2-starter` class. To do this you will need to pass it the following values:
Value | Description | Requirement | Type |
---|---|---|---|
expressApp | Any express application | required | Express.app |
knex | A knex connection using mysql | required | Knex |
jwtSecret | A secret to encode your jwt tokens | required | string |
cryptoSecret | A secret to encrypt the client secret | required | string |
extraParts | An array containing extra basic application parts to add in the database creation | optional | string[] |
```javascript
const oauthBoot = new OauthBoot(expressApp, knex, jwtSecret, cryptoSecret, [
  "extra",
]);
```
The `oauthBoot` instance has the following variables:
Variable | Description | Type |
---|---|---|
expressApp | Any express application | Express |
knex | A knex connection using mysql | Knex |
expressSecured | A basic express application with extra functions to validate your endpoints | string |
jwtSecret | A secret to encode your jwt tokens | string |
cryptoSecret | A secret to encrypt the client secret | string |
extraParts | An array containing extra basic application parts to add in the database creation | string[] |
expiresIn | The jwt tokens expiration time | string |
```javascript
const securedExpress = oauthBoot.expressSecured;
```
Then you will need to call the `init()` function. This will create, if not present or compatible, all of the required database tables. It will also create a `credentials.txt` file with the user admin credentials and the client admin credentials. It will then add the protective middleware for your application and finally add a list of endpoints to create `users`, `clients`, `applications`, `application parts`, `part options`, `roles`, and other endpoints to generate tokens and validate them.
```javascript
await oauthBoot.init();
```
For now this `nodeboot-oauth2-starter` supports the `GET`, `POST`, `PUT`, `DELETE` methods. How to use:
Instead of:
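```javascript
// Plain Express routes: no access control is applied.
expressApp.get('/employee', (req, res) => { /* ... */ });
expressApp.post('/employee', (req, res) => { /* ... */ });
expressApp.put('/employee', (req, res) => { /* ... */ });
expressApp.delete('/employee', (req, res) => { /* ... */ });
```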
Use:
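```javascript
// Secured routes: the second argument is the access control string
// ("<application part>:<option>") required to reach the handler.
securedExpress.obGet('/employee', 'applicationPart:canRead', (req, res) => { /* ... */ });
securedExpress.obPost('/employee', 'applicationPart:canCreate', (req, res) => { /* ... */ });
securedExpress.obPut('/employee', 'applicationPart:canUpdate', (req, res) => { /* ... */ });
securedExpress.obDelete('/employee', 'applicationPart:canDelete', (req, res) => { /* ... */ });
```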
You will need a token. To generate JWT tokens, call the `/auth/token?grant_type=<password or client_credentials>` endpoint. Use `password` for users and `client_credentials` for clients. Send the password and username of the user in the body; if the subject is a client, send the `client_secret` and `client_id` in the query URL.
Given that token, you can send it either in the query URL with `?access_token=<token>` or in the `Authorization` header with:

```json
{
  "Authorization": "BEARER <token>"
}
```
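As an added illustration (not code from this project), the example below shows the kind of check that runs before a protected handler: take the token from the `Authorization` header or from `?access_token=`, verify it, then evaluate an access control string such as `applicationPart:canRead`. It assumes HS256-signed tokens and a hypothetical `permissions` claim that maps each part to its allowed options; the header is tried first because URLs carrying `?access_token=` are commonly recorded in access logs.

```javascript
const crypto = require("crypto");

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Build an HS256 token; used here only to construct sample tokens.
function signHs256(payload, secret) {
  const data = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}`;
  return `${data}.${mac(data, secret).toString("base64url")}`;
}

// "Authorization: BEARER <token>" (scheme matched case-insensitively) wins
// over ?access_token=<token> when both are present.
function extractToken(req) {
  const m = /^bearer\s+(\S+)$/i.exec(req.headers.authorization || "");
  if (m) return m[1];
  return typeof req.query.access_token === "string" ? req.query.access_token : null;
}

// Returns the claims of a correctly signed, unexpired token, otherwise null.
function verifyHs256(token, secret, nowSec) {
  const parts = (token || "").split(".");
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return null; }
  if (header?.alg !== "HS256") return null; // pin the algorithm; rejects "none"
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(`${parts[0]}.${parts[1]}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims?.exp !== "number" || claims.exp <= nowSec) return null;
  return claims;
}

// Evaluate "part:option" against { part: [options] } (assumed claim shape).
function isAllowed(permissions, accessString) {
  const [part, option, extra] = String(accessString).split(":");
  if (!part || !option || extra !== undefined) return false;
  return Array.isArray(permissions?.[part]) && permissions[part].includes(option);
}

// 401 = no valid token, 403 = valid token without the option, 200 = allowed.
function authorize(req, secret, accessString, nowSec) {
  const claims = verifyHs256(extractToken(req), secret, nowSec);
  if (!claims) return 401;
  return isAllowed(claims.permissions, accessString) ? 200 : 403;
}
```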
You will have to create users, clients, application parts, options and roles. To do this you should use the `manage endpoints` present in the documentation.
If you are using Angular you can also use our own Angular library to have a graphical interface.
For standalone usage in your back-end, just follow the general usage part. You will not need to create another application; just use the `access control string` to protect your endpoints.
All of the general usage points stand. However, to protect an external API that is, let's say, using `.NET`, first create a new application, let's say `C# app`. That application will have an id that can be used to validate the access token. Each application has its own parts and options.
To validate an access token, use the `/auth/validate` endpoint, sending the application id and the part. The endpoint will give you the allowed options of the subject that the token belongs to.