87 lines
2.8 KiB
JavaScript
87 lines
2.8 KiB
JavaScript
/**
|
|
* Dependencies
|
|
*/
|
|
var OAuth2Strategy = require('passport-oauth2')
|
|
, InternalOAuthError = require('passport-oauth2').InternalOAuthError
|
|
, util = require('util');
|
|
|
|
/**
|
|
* `Strategy` constructor.
|
|
*
|
|
* The Icy Network authentication strategy authenticates requests by delegating
|
|
* to Icy Network via the OAuth2.0 protocol
|
|
*
|
|
* Applications must supply a `verify` callback which accepts an `accessToken`,
|
|
* `refreshToken` and service-specific `profile`, and then calls the `cb`
|
|
* callback supplying a `user`, which should be set to `false` if the
|
|
* credentials are not valid. If an exception occured, `err` should be set.
|
|
*
|
|
* Options:
|
|
* - `clientID` OAuth ID to icynet
|
|
* - `clientSecret` OAuth Secret to verify client to icynet
|
|
* - `callbackURL` URL that icynet will redirect to after auth
|
|
* - `scope` Array of permission scopes to request
|
|
* Check the official documentation for valid scopes to pass as an array.
|
|
*
|
|
* @constructor
|
|
* @param {object} options
|
|
* @param {function} verify
|
|
* @access public
|
|
*/
|
|
function Strategy(options, verify) {
|
|
options = options || {};
|
|
options.authorizationURL = options.authorizationURL || 'https://secure.icynet.eu/oauth2/authorize';
|
|
options.tokenURL = options.tokenURL || 'https://secure.icynet.eu/oauth2/token';
|
|
options.scopeSeparator = options.scopeSeparator || ' ';
|
|
|
|
this._userProfileURL = options.userProfileURL || 'https://api.icynet.eu/api/user';
|
|
|
|
OAuth2Strategy.call(this, options, verify);
|
|
this.name = 'icynet';
|
|
this._oauth2.useAuthorizationHeaderforGET(true);
|
|
}
|
|
|
|
/**
|
|
* Inherits from `OAuth2Strategy`
|
|
*/
|
|
util.inherits(Strategy, OAuth2Strategy);
|
|
|
|
/**
|
|
* Retrieve user profile from Icy Network.
|
|
*
|
|
* This function constructs a normalized profile.
|
|
* Along with the properties returned from /oauth2/user, properties returned include:
|
|
* - `email` Email address if you requested this scope
|
|
* - `image` Profile picture if you requested this scope
|
|
* - `privilege` Icy Network privilege level if you requested this scope
|
|
* - `accessToken` The access token used to fetch the (may be useful for refresh)
|
|
*
|
|
* @param {string} accessToken
|
|
* @param {function} done
|
|
* @access protected
|
|
*/
|
|
Strategy.prototype.userProfile = function(accessToken, done) {
|
|
var self = this;
|
|
this._oauth2.get(this._userProfileURL, accessToken, function(err, body, res) {
|
|
if (err) {
|
|
return done(new InternalOAuthError('Failed to fetch the user profile.', err))
|
|
}
|
|
|
|
try {
|
|
var parsedData = JSON.parse(body);
|
|
} catch (e) {
|
|
return done(new Error('Failed to parse the user profile.'));
|
|
}
|
|
|
|
var profile = parsedData; // has the basic user stuff
|
|
profile.provider = 'icynet';
|
|
|
|
done(null, profile)
|
|
});
|
|
};
|
|
|
|
/**
|
|
* Expose `Strategy`.
|
|
*/
|
|
module.exports = Strategy;
|