Adding third party client providers for authentication?

[jamesjjk]

I would like to add third party oAuth providers for authentication.

Do I register another exchange and create a passport stratagy for google/fb? Any tips here?

I know loopback-passport exists, I have worked extensively with it. However there is no integration between the 2 and the architecture does not match, I could use the createAccessToken and some session storage to store request parameters (scope, app id, etc.) and create an access token on the OAuthAccessToken model but its hacky..

Any tips would be greatly appreciated. Thanks Loopback,

[raymondfeng]

@jamesjjk Can you elaborate your use case? Here is my guess:

1. You want to use Google/Facebook login
2. Google/FB generates access tokens for you
3. You want to call protected APIs using access tokens from 2

Or:

1. You want to use Google/FB login as the user authentication provider

[jamesjjk]

@raymondfeng Want to use google/fb as additional user auth providers. i.e. client providers. Any help is much appreciated on this.

[raymondfeng]

You probably need to look at https://github.com/strongloop/loopback-component-oauth2/blob/master/lib/oauth2-loopback.js#L805-L834. If you set up a route for loginPath and use Google/FB passport strategy, it might help. This is for user login only. Password based token request needs to customize user.login (https://github.com/strongloop/loopback-component-oauth2/blob/master/lib/oauth2-loopback.js#L257)

[jamesjjk]

@raymondfeng I will give this a go and add an additional login Path and Google/FB strategy. And customise password based token request. Thanks!

[jamesjjk]

@raymondfeng I have implemented third party providers fully configurable in the component-config.. similar to loopback-passport, I will be supporting both authentication and linked profiles - and will provide a PR if its of interest.

I did have a query regarding sessions, the component is configurable not to set session to false, however it immediately throws an error when using for example authorizationCode auth or clientCreds. It should be possible to support an oauth flow without sessions i.e. by returning parameters in the response however it does not look like this is supported properly? The error I get are related to not being able to serialise the client and the user.

[jamesjjk]

@raymondfeng FYI https://github.com/jamesjjk/loopback-component-oauth2/commit/fba49ba2e90fbb00a6889c67a0ebf4a2564bd22f

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.