var http = require('http') var url = require('url'); var querystring = require('querystring'); var openid = require('openid'); var express = require('express') var urljoin = require('url-join') var logger = require('../../util/logger') var jwtutil = require('../../util/jwtutil') var urlutil = require('../../util/urlutil') module.exports = function(options) { var extensions = [new openid.SimpleRegistration({ "email" : true, "fullname" : true, })]; var relyingParty = new openid.RelyingParty( urljoin(options.appUrl, "/auth/openid/verify"), null, // Realm (optional, specifies realm for OpenID authentication) false, // Use stateless verification false, // Strict mode extensions) var log = logger.createLogger('auth-openid'); var app = express(); app.set('strict routing', true) app.set('case sensitive routing', true) app.get('/', function(req, res) { res.redirect('/auth/openid/') }) app.get('/auth/openid/', function(req, res) { log.info('openid identifier url: %s', options.openid.identifierUrl) relyingParty.authenticate(options.openid.identifierUrl, false, function(err, authUrl){ if (err){ res.send("auth failed"); } else if(!authUrl){ res.send("auth failed"); } else { log.info("redirect to authUrl: %s", options.openid.identifierUrl); res.redirect(authUrl); } }); }) app.get('/auth/openid/verify', function(req, res){ log.setLocalIdentifier(req.ip) relyingParty.verifyAssertion(req, function(err, result){ log.info("openid verify assertion"); if (err || !result.authenticated) { res.send("Auth failed"); return } var email = req.query['openid.sreg.email']; var name = req.query['openid.sreg.fullname']; log.info('Authenticated "%s:%s"', name, email) var token = jwtutil.encode({ payload: { email: email, name: name }, secret: options.secret }) res.redirect(urlutil.addParams(options.appUrl, {jwt: token})); }) }); http.createServer(app).listen(options.port) log.info('Listening on port %d', options.port) }