oauth2 component


Jose Lopez

Apr 19, 2016, 7:29:45 AM
to loopb...@googlegroups.com
Hi all,
I'm trying to create an oauth2 server (authorization and resource). I installed loopback-component-oauth2 but don't understand how to set up and configure the oauth2 server.

I've read the official documentation on the LoopBack site but it wasn't enough.

Thanks in advance

Dmitry Z

Apr 21, 2016, 6:09:44 AM
to LoopbackJS
I also tried to understand the official docs, but they really do not help; they mislead.

After that, add the oauth2 component and migrate the models from it.

Then you can use

const oauth2 = require('loopback-component-oauth2');
let auth = oauth2.authenticate(['/api'], {session: false, scope: 'basic'});
app.middleware('auth:after', ['/api'], auth);

in your server.js file.


So far you can get tokens after populating your database with client data.

Potentially this config has to be enough, but for me it does not work correctly when I try to use my API. Passport starts to warn about user serialization for session, BUT I do not need sessions! So I'm researching how to improve this configuration.

Dmitry Z

Apr 21, 2016, 8:36:53 AM
to LoopbackJS
Finished with my configuration of oauth; it was not so hard, but the examples really mislead.

So in the end I found that the middleware configuration was wrong.

With this one the oauth server works fine:

let auth = oauth2.authenticate({session: false, scope: 'basic'});

app.middleware('auth:after', '/api', auth);

Jose Lopez

Apr 21, 2016, 1:11:00 PM
to LoopbackJS
Thank you so much Dmitry! I'm going to try it next week; for now I'm very busy =S
Just another question: when you said migrate models, do you mean creating them manually?

Thanks again!

Dmitry Z

Apr 21, 2016, 1:39:39 PM
to LoopbackJS
The oauth component relies on its own models, so you need to create tables in your datastore.

To create tables from loopback models you have to use the auto-update or auto-migrate functions: https://docs.strongloop.com/display/public/LB/Creating+a+database+schema+from+models

For this flow I created a script that I use when setting up my environment:
'use strict';

// avoid "possible EventEmitter memory leak detected" warning
require('events').EventEmitter.prototype._maxListeners = 0;

const server = require('./../server');
const ds = server.dataSources.db;
const lbTables = [
  // core built in models
  'User',
  'AccessToken',
  'ACL',
  'RoleMapping',
  'Role',
  'Application',
  // component oauth2 models
  'OAuthAuthorizationCode',
  'OAuthClientApplication',
  'OAuthPermission',
  'OAuthScope',
  'OAuthScopeMapping',
  'OAuthAccessToken'
];

// automigrate drops and recreates the listed tables, so existing rows in them are lost
ds.automigrate(lbTables, function (er) {
  if (er) {
    throw er;
  }
  console.log('Loopback tables [' + lbTables + '] created in ', ds.adapter.name);
  ds.disconnect();
});


This script ensures that only these models will be created from models. In my project we have differences in table settings, so we are using knexjs migrations for all our models.

Another way of migrating the core tables is to follow the second choice from the docs: auto-update

'use strict'

const app = require('../server')
const ds = app.dataSources.db

// avoid "possible EventEmitter memory leak detected" warning
require('events').EventEmitter.prototype._maxListeners = 0

if (ds) {
  // log only the connector name: ds.settings can contain the database password
  console.info('Auto-updating database: %s', ds.adapter.name)

  ds.autoupdate(function (err) {
    if (err) {
      // do not report success when the update failed
      console.error('Error in setting database:', err)
    } else {
      console.info('Database is set up')
    }
    ds.disconnect()
  })
}



This script will create tables from all models. So you can choose your way of preparing the database.

Julie Tétard

Jun 10, 2016, 10:46:50 AM
to LoopbackJS
Hi all,

Very interesting thread, but I'm afraid it's not enough for me to manage to implement OAuth without using the strong API Gateway.
Since the latter is now deprecated I would like to implement OAuth using only loopback-component-oauth2.
I can't figure out from your messages whether that's what you're trying to do, but I'm hoping it is.
If so, would you be kind enough to fork your implementation somewhere or give me information about how you managed to implement all the interface part without using the API Gateway? Is it even possible?
Thanks in advance for your answer.
Julie

Jose Lopez

Jun 10, 2016, 11:25:16 AM
to LoopbackJS
What we are trying to do is to create an oauth2 server in which a client can request users' data via oauth2 tokens.
Just to clarify, this is not for letting users log in to your app with Facebook or another third-party service.

I just returned to work and I'm doing what Dmitry said.

Jose Lopez

Jun 22, 2016, 10:13:10 AM
to LoopbackJS
Dmitry, did you finally get the oauth flow to start?
It passed all the tests you mentioned, but now I can't understand how to start the flow, or where to put the decision dialog view. I'm a bit confused about that.

Dmitry Z

Jun 23, 2016, 5:09:10 PM
to LoopbackJS
Yes, I use the solution that I described in my message. It has worked great without any changes since then.

I do not completely understand what it is you want to put, but I think you probably need to create a new user in your database, then create a new oauthclientapplication, and after that a new oauthpermission; after that you can use your application's credentials to log in and get a token for the next API usage.

Jose Lopez

Jun 29, 2016, 10:41:04 AM
to LoopbackJS
Finally I got it to work!
I used ejs views for the decision dialog, like the loopback examples.

Luca Pau

Jun 29, 2016, 12:31:05 PM
to LoopbackJS
Hi Jose,
can you give a working sample project with oauth2?

Many thanks

Jose Lopez

Jun 29, 2016, 12:37:36 PM
to LoopbackJS
You can do what Dmitry said, just follow the steps described before. Make sure to use HTTPS.
If you have any questions, ask and I'll try to help you.
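
Added example (not part of the thread, and not code from loopback-component-oauth2): the client side of the last step described above, where a registered application uses its credentials to get a token and then calls the API protected with scope 'basic', refusing a non-HTTPS token endpoint. It assumes the client-credentials grant of RFC 6749 and a token endpoint at /oauth/token; the host, credentials and function names are constructed for illustration.

```javascript
'use strict';
// Added example, not code from the thread or from loopback-component-oauth2.
// Assumed: client-credentials grant (RFC 6749 section 4.4), token endpoint
// path /oauth/token, hypothetical function names.

// Build the token request a registered client application sends.
function buildTokenRequest(baseUrl, clientId, clientSecret, scope) {
  const url = new URL('/oauth/token', baseUrl);
  // The client secret and the issued token must not travel in clear text.
  if (url.protocol !== 'https:') {
    throw new Error('token endpoint must use HTTPS: ' + url.href);
  }
  // RFC 6749 section 2.3.1: form-encode id and secret before HTTP Basic.
  const enc = (s) => new URLSearchParams({ v: s }).toString().slice(2);
  const basic = Buffer.from(enc(clientId) + ':' + enc(clientSecret)).toString('base64');
  return {
    method: 'POST',
    url: url.href,
    headers: {
      Authorization: 'Basic ' + basic,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: new URLSearchParams({ grant_type: 'client_credentials', scope }).toString()
  };
}

// Check the JSON token response and derive the header for calls to /api.
function bearerHeaderFrom(responseBody, requiredScope, nowMs) {
  const r = JSON.parse(responseBody);
  if (typeof r.access_token !== 'string' || r.access_token === '') {
    throw new Error('no access_token in response');
  }
  if (String(r.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type: ' + r.token_type);
  }
  // RFC 6749 section 5.1: an omitted scope means the requested scope was granted.
  const granted = Array.isArray(r.scope) ? r.scope
    : typeof r.scope === 'string' ? r.scope.split(' ') : [requiredScope];
  if (!granted.includes(requiredScope)) {
    throw new Error('scope "' + requiredScope + '" was not granted');
  }
  return {
    headers: { Authorization: 'Bearer ' + r.access_token },
    expiresAt: typeof r.expires_in === 'number' ? nowMs + r.expires_in * 1000 : null
  };
}

// Constructed sample values, for illustration only.
const sampleRequest = buildTokenRequest('https://auth.example.test', 'demo-client', 's3cr3t/+', 'basic');
```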

Ryan Kelly

Jan 16, 2017, 4:57:41 PM
to LoopbackJS
Hello all, I think I am close, since when I turn on the oauth middleware I get an `unauthorized` response from my api endpoint. However, I am not able to successfully authorize using test data. Right now, I am using an in-memory db and populate the db with a test user and application.

I have posted all of my oauth related config to this gist - https://gist.github.com/remotevision/9bd478e08ce97929c69527dcff4e6a0d

Would someone that has successfully enabled the loopback-component-oauth2 please take a look and let me know if you notice anything?

Ryan Kelly

Jan 23, 2017, 10:11:48 PM
to LoopbackJS
I opened an Issue as I believe this is a bug.
