jaredhanson / passport-openid

OpenID authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-openid/?utm_source=github&utm_medium=referral&utm_campaign=passport-openid&utm_content=about
MIT License

Support for PAPE: the OpenID Provider Authentication Policy Extension #9

Closed jplyle closed 11 years ago

jplyle commented 11 years ago

This pull request provides the passport-openid module with support for the OpenID Provider Authentication Policy Extension (PAPE), as recently added to the node-openid module (https://github.com/havard/node-openid/commit/5bb00828d46d67dce086fb1348efa56ffe8d03fd).

The changes consist of some additional code in the strategy file, a new callback invoking section in "verifyAssertion", plus a new test case and a few changes to existing test cases.

Note: this will work with the GitHub version of node-openid, but not the module on npm, as this has not been updated yet.

jaredhanson commented 11 years ago

Great work, thanks for doing this!

I've merged this in. The only real modification I made was to simplify the arity check for the verify callback. To get PAPE details, the arity must be 4 and pape always follows the profile argument, like so:

new OpenIDStrategy({
    returnURL: 'https://www.example.com/auth/openid/return',
    pape : { 'maxAuthAge' : 600, 'preferredAuthPolicies' : 'multi-factor multi-factor-physical' }
  },
  function(identifier, profile, pape, done) {
    // verify
  }
)

If you aren't interested in the profile, you can simply ignore it. This also allows the OpenID provider to return profile information, regardless of whether or not it was explicitly requested.

I've published this to npm as passport-openid v0.3.0 (which depends on the newly released openid 0.5.0 module).
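
Added example, not part of the thread or of passport-openid's own code: requesting PAPE policies does not guarantee the provider applied them, so a 4-argument verify callback should check what the response actually asserts. The `authPolicies` and `authTime` field names on `pape` and the helper names are assumptions; the policy URI prefix is the one defined by the PAPE 1.0 specification.

```javascript
// Assumed shape of the `pape` argument (not confirmed by the thread):
//   { authPolicies: [policyUri, ...], authTime: Date }
const PAPE_NS = 'http://schemas.openid.net/pape/policies/2007/06/';
const CLOCK_SKEW_SECONDS = 60; // tolerated skew for timestamps slightly in the future

// Expand a short name as used in the request ('multi-factor') to its policy URI.
function policyUri(name) {
  return name.indexOf('http') === 0 ? name : PAPE_NS + name;
}

// Returns { ok, reason }. Every policy in `required` must be asserted by the
// provider; `maxAuthAge` is in seconds, like the request option of the same name.
function checkPape(pape, required, maxAuthAge, now) {
  now = now || new Date();
  if (!pape || !Array.isArray(pape.authPolicies)) {
    return { ok: false, reason: 'no PAPE response' };
  }
  for (const name of required) {
    if (!pape.authPolicies.includes(policyUri(name))) {
      return { ok: false, reason: 'policy not asserted: ' + name };
    }
  }
  // Strict stance: a missing auth_time is treated as a failure, because
  // freshness cannot be established without it.
  const t = pape.authTime instanceof Date ? pape.authTime.getTime() : NaN;
  if (Number.isNaN(t)) {
    return { ok: false, reason: 'no auth_time' };
  }
  const age = (now.getTime() - t) / 1000;
  if (age < -CLOCK_SKEW_SECONDS || age > maxAuthAge) {
    return { ok: false, reason: 'auth_time outside allowed window' };
  }
  return { ok: true, reason: null };
}

// Verify callback with arity 4: pape follows profile, as described above.
function verify(identifier, profile, pape, done) {
  const result = checkPape(pape, ['multi-factor'], 600);
  if (!result.ok) {
    return done(null, false, { message: result.reason });
  }
  return done(null, { id: identifier });
}
```
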

jplyle commented 11 years ago

Many thanks. You may be interested to know that we're using passportjs in part of our project - https://github.com/webinos/Webinos-Platform - thanks for developing this great module.