strongloop / loopback-component-oauth2

oAuth 2.0 server for LoopBack
http://www.strongloop.com

Adding third party client providers for authentication? #34

Closed jamesjjk closed 7 years ago

jamesjjk commented 8 years ago

I would like to add third party oAuth providers for authentication.

Do I register another exchange and create a passport strategy for google/fb? Any tips here?

I know loopback-passport exists; I have worked extensively with it. However, there is no integration between the two and the architecture does not match. I could use the createAccessToken and some session storage to store request parameters (scope, app id, etc.) and create an access token on the OAuthAccessToken model, but it's hacky.

Any tips would be greatly appreciated. Thanks Loopback,

raymondfeng commented 8 years ago

@jamesjjk Can you elaborate on your use case? Here is my guess:

  1. You want to use Google/Facebook login
  2. Google/FB generates access tokens for you
  3. You want to call protected APIs using access tokens from 2

Or:

  1. You want to use Google/FB login as the user authentication provider

jamesjjk commented 8 years ago

@raymondfeng Want to use google/fb as additional user auth providers. i.e. client providers. Any help is much appreciated on this.

raymondfeng commented 8 years ago

You probably need to look at https://github.com/strongloop/loopback-component-oauth2/blob/master/lib/oauth2-loopback.js#L805-L834. If you set up a route for loginPath and use Google/FB passport strategy, it might help. This is for user login only. Password based token request needs to customize user.login (https://github.com/strongloop/loopback-component-oauth2/blob/master/lib/oauth2-loopback.js#L257)

jamesjjk commented 8 years ago

@raymondfeng I will give this a go and add an additional login Path and Google/FB strategy. And customise password based token request. Thanks!

jamesjjk commented 8 years ago

@raymondfeng I have implemented third party providers fully configurable in the component-config, similar to loopback-passport. I will be supporting both authentication and linked profiles, and will provide a PR if it's of interest.

I did have a query regarding sessions: the component is configurable not to set session to false, however it immediately throws an error when using, for example, authorizationCode auth or clientCreds. It should be possible to support an oauth flow without sessions, i.e. by returning parameters in the response, however it does not look like this is supported properly? The errors I get are related to not being able to serialise the client and the user.

jamesjjk commented 8 years ago

@raymondfeng FYI https://github.com/jamesjjk/loopback-component-oauth2/commit/fba49ba2e90fbb00a6889c67a0ebf4a2564bd22f

stale[bot] commented 7 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 7 years ago

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.