Tuesday, 11 April 2017

Starting session with Azure AD authentication

I am implementing authentication for my API. My goal is to store the token "somewhere" (cache / memory / whatever; it is not the most important or dire part of it) and return only a session id, so from then on the user will send me only that session id.

1) First req., with token

2) Session is started, session_id generated and token is stored now

3) session_id returned to "user"

4) Second req., with session_id (it passes)

If that is not possible, I will just work with a modified flow that allows sessions + cookies.

So far I have tried 2 strategies to implement it:

require('passport-azure-ad').BearerStrategy;
require('passport-azure-ad').OIDCStrategy;

Both are configured etc., but now I am just confused over what I should implement and how. I added de/serialize to passport:

    passport.serializeUser((user, done) => {
        console.log(' -> Serializing user');
        // Store only the id in the session; the full user record is looked up
        // again on every request in deserializeUser below.
        done(null, user.id);
    });
    passport.deserializeUser((id, done) => {
        console.log(' -> Deserializing user');
        // The users module exports findUserById, and it expects the id, not the whole user.
        usersModule.findUserById(id,
            (err, user) => {
                if (err || !user) {
                    // false tells passport there is no valid user for this session.
                    done(err, false);
                }
                else {
                    done(null, user);
                }
            });
    });

where my usersModule is:

'use strict';

const UsersTable = [];

// Structure of User's data
/*
NOT-SURE
*/

const findUserById = (id, fn) => {
    console.log(` (Users) Searching for user with id : ${id}`);
    console.log(` (Users) Will check total of : ${UsersTable.length} user(s)`);

    // Linear scan over the in-memory table; `i += 1` (not `i + 1`) so the loop actually advances.
    for (let i = 0, len = UsersTable.length; i < len; i += 1) {
        const checkedUser = UsersTable[i];
        if (id === checkedUser.id) {
            console.log(' (Users) (GOOD) Found user :');
            console.log(checkedUser);
            return fn(null, checkedUser);
        }
    }
    console.log(' (Users) (BAD) Failed to find user :');
    return fn(null, null);
};

const addUser = (user) => {
    console.log(' (Users) Adding new user :');
    console.log(user);
    UsersTable.push(user);
};

module.exports = {
    findUserById,
    addUser
};

I also added endpoints (for the OIDC strategy mostly, I think):

    azureADRouter.route('/login').get(
        (req, res, next) => {
            console.log('Got request on /auth/azuread/login');
            next();
        },
        routeConfig.passport.authenticate('azuread-openidconnect', { session: true })
        ,
        (req, res) => {
            // Added just to see if anything got here
            console.log('Login was called !');
            // sendStatus sets the status code; send(200) would send the string "200" as the body.
            res.sendStatus(200);
        }
    );

    azureADRouter.route('/logout').get(
        (req, res) => {
            console.log('Got request on /auth/azuread/logout');
            req.logout();
            console.log(` -> Will now attempt to redirect it to : /api/mainpage/`);
            res.redirect(`/api/mainpage/`);
        }
    );

    azureADRouter.route('/callback').get(
        (req, res, next) => {
            console.log('Got request on /auth/azuread/callback');
            next();
        },

        // Authenticating via Azure AD
        routeConfig.passport.authenticate('azuread-openidconnect', { session: true }),

        (req, res) => {
            // Authenticated successfully
            console.log(`Authenticated : ${req.isAuthenticated()}`);
            console.log(` -> Will now attempt to redirect it to : /api/mainpage/`);
            res.redirect(`/api/mainpage/`);
        }
    );

I am "a bit" confused with that authentication and its possibilities / best practices.



via Asker
