A Node.js OAuth2 server implementation to allow offline login with o2r-bouncer as part of the o2r reference-implementation. For more information about OAuth2 see the OAUth2 documentation.
Based on the repository https://github.com/gerges-beshay/oauth2orize-examples and the underlying OAuth2 server implementation oauth2orize.
Requirements:
- nodejs
>= 6.2 - npm
Important Note: this server is not for production but only for development and demonstration, because it exposes passwords (in the config file) and private session cookies via API.
The Oauth2 server implementation allows trying out the o2r reference-implementation without going through the ORCID app registration. It implements the following endpoints:
/oauth/authorizeStarts an authorization request granting an authorization code./oauth/loginUser login: Allows to chose between three different uses with basic, advanced and admin rights./oauth/tokenExchange an authorization code for an access token./oauth/cookies/<user id>Retrieve the session cookie of test users for automatic upload.
To mimic the ORCID OAuth2 implementation the demo server submits the username and ORCID ID as custom parameters in the response to the access token request.
The service creates three test users when starting the service:
- A basic user with level
100, - an editor with level
500, - and an admin with level
1000.
The levels are explained in the o2r-web-api entry on user levels.
The demo data makes exploration of the o2r platform with different user roles possible.
It can be configured by editing the testUsers object in config/config.js.
This project includes a Dockerfile which can be built and run with
docker build -t guestlister .
docker run --rm -it -e DEBUG=* guestlisterTo ensure the guestlister allows offline login, these values have to match the the o2r-bouncer configuration, i.e. the client ID, client secret, mongodb configuration and the oauth URLs have to be the same.
GUESTLISTER_PORTDefine on which port guestlister should listen. Defaults to8383.BOUNCER_PORTSpecifies on which port the bouncer is listening. Defaults to8083.GUESTLISTER_MONGODBRequired Location for the mongo db. Defaults tomongodb://localhost:27017/. You will very likely need to change this.GUESTLISTER_MONGODB_DATABASEWhich database inside the mongo db should be used. Defaults tomuncher.OAUTH_URL_AUTHORIZATIONAuthorization URL used for the OAuth2 server. Defaults to/oauth/authorize.OAUTH_URL_TOKENToken URL for the ORCID OAuth2 API. Defaults to/oauth/token.OAUTH_SCOPEScope for the ORCID API. Defaults to/authenticate.OAUTH_CLIENT_IDRequired The client ID for your instance. Defaults totestClient.OAUTH_CLIENT_SECRETRequired The client secret for your instance. Defaults totestSecret.
Guestlister uses express-session for the session management with connect-ensure-login. It stores its own sessions in a collection named guestlist.
For simplicity, both the bouncer data and guestlister sessions are stored in the same database.
Settings have to be provided as environment variables, either at start time or via the debug configuration of your IDE.
To start guestlister execute the following steps.
Start a mongodb instance:
mkdir /tmp/o2r-mongodb-data
mongod --dbpath /tmp/o2r-mongodb-dataStart the o2r-bouncer:
DEBUG=* npm startStart the guestlister:
DEBUG=* npm startYou can then start the offline login process by opening http://localhost:8383/oauth/authorize?response_type=code&scope=/authenticate&client_id=testClient&redirect_uri=http://localhost:8083/api/v1/auth/login and select a test user afterwards.
o2r guestlister is licensed under Apache License, Version 2.0, see file LICENSE.
Copyright (C) 2018 - o2r project.
The code form oauth2orize-examples is licensed under MIT license; see the copyright notice contained in the files under the lib directory for more information.