# Title: Passport
Login authentication
is a common business scenario, including "account password login" and "third-party unified login".
Among them, we often use the latter, such as Google, GitHub, QQ unified login, which are based on OAuth specification.
Passport is a highly scalable authentication middleware that supports the Strategy
of Github
,Twitter
,Facebook
, and other well-known service vendors. It also supports login authorization verification via account passwords.
Egg provides an egg-passport plugin which encapsulates general logic such as callback processing after initialization and the success of authentication so that the developers can use Passport with just a few API calls.
The execution sequence of Passport is as follows:
- User accesses page
- Check Session
- Intercept and jump to authentication login page
- Strategy Authentication
- Check and store user information
- Serialize user information to Session
- Jump to the specified page
# Using egg-passport
Below, we will use GitHub login as an example to demonstrate how to use it.
# Installation
$ npm i --save egg-passport |
For more plugins, see GitHub Topic - egg-passport .
# Configuration
Enabling the plugin:
// config/plugin.js |
Configuration:
Note: The egg-passport standardizes the configuration fields, which are unified as key
and secret
.
// config/default.js |
note:
- Create a GitHub OAuth Apps to get the
clientID
andclientSecret
information. - Specify a
callbackURL
, such ashttp://127.0.0.1:7001/passport/github/callback
- You need to update to the corresponding domain name when deploying online - The path is configured viaoptions.callbackURL
, which defaults to/passport/${strategy}/callback
# Mounting Routes
// app/router.js |
# User Information Processing
Then we also need:
- When signing in for the first time, you generally need to put user information into the repository and record the Session.
- In the second login, the user information obtained from OAuth or Session, and the database is read to get the complete user information.
// app.js |
At this point, we have completed all the configurations. For a complete example, see: eggjs/examples/passport
# API
egg-passport provides the following extensions:
ctx.user
- Get current logged in user informationctx.isAuthenticated()
- Check if the request is authorizedctx.login(user, [options])
- Start a login session for the userctx.logout()
- Exit and clear user information from sessionctx.session.returnTo=
- Set redirect address after authentication page success
The API also be provided for:
app.passport.verify(async (ctx, user) => {})
- Check userapp.passport.serializeUser(async (ctx, user) => {})
- Serialize user information into sessionapp.passport.deserializeUser(async (ctx, user) => {})
- Deserialize user information from the sessionapp.passport.authenticate(strategy, options)
- Generate the specified authentication middleware -options.successRedirect
- specifies the redirect address after successful authentication -options.loginURL
- jump login address, defaults to/passport/${strategy}
-options.callbackURL
- callback address after authorization, defaults to/passport/${strategy}/callback
app.passport.mount(strategy, options)
- Syntactic sugar for developers to configure routing
# Using Passport Ecosystem
Passport has many middleware and it is impossible to have the second encapsulation. Next, let's look at how to use Passport middleware directly in the framework. We will use passport-local for "account password login" as an example:
# Installation
$ npm i --save passport-local |
# Configuration
// app.js |
# Mounting Routes
// app/router.js |
# How to develop an egg-passport plugin
In the previous section, we learned how to use a Passport middleware in the framework. We can further encapsulate it as a plugin and give back to the community.
initialization:
$ egg-init --type=plugin egg-passport-local |
Configure dependencies in package.json
:
{ |
Configuration:
// {plugin_root}/config/config.default.js |
Note: egg-passport standardizes the configuration fields, which are unified as key
and secret
, so if the corresponding Passport middleware attribute names are inconsistent, the developer should do the conversion.
Register the passport middleware:
// {plugin_root}/app.js |