Serveur de démonstration de la façade d'authentification
Exemple d'implémentation d'un serveur de démonstration de la façade d'authentification
Test
Le but de cet exemple est de tester la façade d'authentification avec un implémentation OAuth du marché, en l'occurrence ici celle de GitHub.
Mode opératoire {#mode-opératoire}
Sauvegarder le source par exemple sous authgw-demo.ts
, puis lancer le serveur avec :
OKAPI_LOG_LEVEL=debug npx ts-node authgw-demo.ts
Renseigner les données d'authentification :
export OKAPI_KEY="macleokapi"
export GITHUB_LOGIN="monlogingithub"
export GITHUB_CLIENT_ID="monclientidgithub"
export GITHUB_CLIENT_SECRET="monclientsecretgithub"
Requête de demande d'autorisation :
curl -i -XPOST "http://localhost:3000/auth/myapi/v2/authorize" \
-H "X-Okapi-Key: ${OKAPI_KEY}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=${GITHUB_CLIENT_ID}" \
-d "login=${GITHUB_LOGIN}" \
-d "redirect_uri=http://localhost:3000/oauth/callback" \
-d "response_type=code"
A l'issue, récupérer le code d'activation depuis l'URL redirigée :
export ACTIVATION_CODE="codeactivation"
Requête de demande de token :
curl -i -XPOST "http://localhost:3000/auth/myapi/v2/token" \
-H "X-Okapi-Key: ${OKAPI_KEY}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=${GITHUB_CLIENT_ID}" \
-d "client_secret=${GITHUB_CLIENT_SECRET}" \
-d "code=${ACTIVATION_CODE}"
Récupérer le token dans la réponse :
export ACCESS_TOKEN="accesstoken"
Consommation de l'API :
# à renseigner : myaccesstoken
curl -i "http://localhost:3000/" \
-H "Authorization: Bearer ${ACCESS_TOKEN}"
Source
import { RedisClient } from '@laposte-okapi/okapi-commons/services/redis-client'
import { fromCallback } from '@laposte-okapi/okapi-commons/utils/helper'
import { log } from '@laposte-okapi/okapi-commons/utils/log'
import * as express from 'express'
import authMiddleware from '@laposte-okapi/okapi-apigw/authgw'
import { ApiLoader, AppContextLoader, SubscriptionLoader } from '@laposte-okapi/okapi-apigw/types/authgw'
const redisClient = new RedisClient()
const loadApi: ApiLoader = async () => ({
extra: {
auth: {
authorizeUrl: 'https://github.com/login/oauth/authorize',
params: [
'allow_signup',
'client_id',
'login',
'redirect_uri',
'response_type',
'scope',
'state',
],
tokenUrl: 'https://github.com/login/oauth/access_token',
},
},
id: 'my api id',
name: 'MyApi',
ownerId: 'my api owner id',
urlContext: 'myapi',
version: '2',
})
const loadApp: AppContextLoader = async () => ({
app: {
id: 'my app id',
name: 'MyApp',
ownerId: 'my app owner id',
},
id: 'my app key id',
sandbox: false,
user: {
email: 'johndoe@laposte.io',
id: 'my user id',
roleIds: [],
username: 'johndoe',
},
value: 'MyAppKey',
})
const loadSubscription: SubscriptionLoader = async () => ({
apiId: 'my api id',
appId: 'my app id',
id: 'my subscription id',
planId: 'my plan id',
})
const requestContext = {
app: {
callbackUrl: 'http://localhost:3000/callback',
id: 'myappid',
},
}
const app = express()
async function run() {
app.get('/', (__: express.Request, res: express.Response) => {
res.send('Hello World!')
})
app.use((__: express.Request, res, next) => {
res.locals.okapi = requestContext
next()
})
await redisClient.start()
app.use('/auth', await authMiddleware.register(redisClient, loadApi, loadApp, loadSubscription))
await fromCallback(cb => {
app.listen(3000, cb)
})
}
run()
.then(() => {
log.info('server is listening on port 3000')
})