Authentication and authorization (password, facebook, & more) for your node.js Connect and Express apps.
There is a NodeTuts screencast of everyauth here
There is also a Google Groups (recently created) here to post questions and discuss potential ideas and extensions to the library.
So far, everyauth enables you to login via:
| Authenticate Via | Credits |
|---|---|
| Password | |
| | |
| | |
| | |
| | RocketLabs Development |
| | |
| | Torgeir |
Tumblr | |
| | Danny Amey |
| | |
| | |
| | |
| | |
| | slickplaid |
Vimeo | slickplaid |
| | |
| | Alfred Nerstu |
| | |
| | Kenan Shifflett |
| | Christoph Giesel |
| | Alexey Simonenko |
| | Alexey Gordeyev |
| | Rodolphe Stoclin |
| | Andrew Kramolisch |
TripIt | Damian Krzeminski |
| | Danny Amey |
| | Chris Leishman |
| | ufssf |
Mailchimp
| Winfred Nadeau |
| | Eduard Baun |
| | Jeff Zabel from Datahero |
| | Jeff Zabel from Datahero |
| | |
| | RocketLabs Development, Andrew Mee, Brian Noguchi |
| LDAP / ActiveDirectory | Marek Obuchowicz from Korekontrol |
| Windows Azure Access Control Service (ACS) | Dario Renzulli, Juan Pablo Garcia, Matias Woloski from Southworks |
everyauth is:
$ npm install everyauth
Incorporate everyauth into your express app in just 2 easy steps.
Add the Middleware to Express
```javascript var everyauth = require('everyauth'); // Step 1 code goes here
// Step 2 code var express = require('express'); var app = express(); app .use(express.bodyParser()) .use(express.cookieParser('mr ripley')) .use(express.session()) .use(everyauth.middleware(app)); ```
There is an example application at ./example
To run it:
$ cd example
$ node server.js
Important - Some OAuth Providers do not allow callbacks to localhost, so you will need to create a localhost
alias called local.host. Make sure you set up your /etc/hosts so that 127.0.0.1 is also
associated with 'local.host'. So inside your /etc/hosts file, one of the lines will look like:
127.0.0.1 localhost local.host
Then point your browser to http://local.host:3000
$ npm install everyauth --dev
Then, update test/creds.js with credentials that the integration tests use to login to each 3rd party service.
$ make test
If you are using express or connect, then everyauth
provides an easy way to access the user as:
req.user from your app servereveryauth.user via the everyauth helper accessible from your express views.user as a helper accessible from your express viewsTo access the user, configure everyauth.everymodule.findUserById and
optionally everyauth.everymodule.userPkey.
For example, using mongoose:
everyauth.everymodule.findUserById( function (userId, callback) {
User.findById(userId, callback);
// callback has the signature, function (err, user) {...}
});
If you need access to the request object the function can have three arguments:
everyauth.everymodule.findUserById( function (req, userId, callback) {
// use the request in some way ...
// callback has the signature, function (err, user) {...}
});
Once you have configured this method, you now have access to the user object
that was fetched anywhere in your server app code as req.user. For instance:
var app = require('express').createServer()
// Configure your app
app.get('/', function (req, res) {
console.log(req.user); // FTW!
res.render('home');
});
Moreover, you can access the user in your views as everyauth.user or as user.
//- Inside ./views/home.jade
span.user-id= everyauth.user.name
#user-id= user.id
everyauth assumes that you store your users with an id property. If not --
e.g, if you adopt the convention user.uid over user.id -- then just make
sure to configure the everyauth.everymodule.userPkey parameter:
everyauth.everymodule.userPkey('uid');
If you are using express, everyauth comes with some useful dynamic helpers. To enable them:
var express = require('express')
, everyauth = require('everyauth')
, app = express.createServer();
everyauth.helpExpress(app);
Then, from within your views, you will have access to the following helpers methods
attached to the helper, everyauth:
everyauth.loggedIneveryauth.user - the User document associated with the sessioneveryauth.facebook - The is equivalent to what is stored at req.session.auth.facebook,
so you can do things like ...everyauth.facebook.user - returns the user json provided from the OAuth provider.everyauth.facebook.accessToken - returns the access_token provided from the OAuth provider
for authorized API calls on behalf of the user.everyauth.twitter.user,
everyauth.github.user, etc.You also get access to the view helper
user - the same as everyauth.user aboveAs an example of how you would use these, consider the following ./views/user.jade jade template:
.user-id
.label User Id
.value #{user.id}
.facebook-id
.label User Facebook Id
.value #{everyauth.facebook.user.id}
If you already have an express helper named user, then you can configure
everyauth to use a different helper name to access the user object that
everyauth manages. To do so, leverage the userAlias option for
everyauth.helpExpress:
everyauth.helpExpress(app, { userAlias: '__user__' });
Then, you could access the user object in your view with the helper __user__
instead of the default helper user. So you can compare with the default use
of helpers given previously, the alternative leveraging userAlias would look like:
.user-id
.label User Id
.value #{__user__.id}
.facebook-id
.label User Facebook Id
.value #{everyauth.facebook.user.id}
everyauth also provides convenience methods on the ServerRequest instance req.
From any scope that has access to req, you get the following convenience getters and methods:
req.loggedIn - a Boolean getter that tells you if the request is by a logged in userreq.user - the User document as$ claude mcp add everyauth \
-- python -m otcore.mcp_server <graph>