first commit

Author: aalonsog

.gitignore

@@ -0,0 +1 @@
+/node_modules

README.md

@@ -0,0 +1,24 @@
+oauth2-example-client
+===================
+
+Oauth2 authentication example for FI-WARE GE applications
+
+- Software requirements:
+
+	+ nodejs 
+	+ npm
+
+- Install the dependencies: 
+
+	npm install
+
+- Configure oaut2 credentials in config.js file (you will find theme in your IDM account)
+
+- Start example server
+
+	sudo node server
+
+- Connect to http://localhost to try the example 
+
+* Connect to http://localhost/logout to delete session cookies once you have logout in IDM portal
+

config.js

@@ -0,0 +1,8 @@
+var config = {}
+
+config.idmURL = 'https://account.lab.fi-ware.eu';
+config.client_id = '';
+config.client_secret = '';
+config.callbackURL = 'http://localhost/login';
+
+module.exports = config;

oauth2.js

@@ -0,0 +1,160 @@
+var querystring= require('querystring'),
+    https= require('https'),
+    http= require('http'),
+    URL= require('url');
+
+exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, accessTokenPath, callbackURL, customHeaders) {
+  this._clientId= clientId;
+  this._clientSecret= clientSecret;
+  this._baseSite= baseSite;
+  this._authorizeUrl= authorizePath || "/oauth/authorize";
+  this._accessTokenUrl= accessTokenPath || "/oauth/access_token";
+  this._callbackURL = callbackURL;
+  this._accessTokenName= "access_token";
+  this._authMethod= "Basic";
+  this._customHeaders = customHeaders || {};
+}
+
+// This 'hack' method is required for sites that don't use
+// 'access_token' as the name of the access token (for requests).
+// ( http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-7 )
+// it isn't clear what the correct value should be atm, so allowing
+// for specific (temporary?) override for now.
+exports.OAuth2.prototype.setAccessTokenName= function ( name ) {
+  this._accessTokenName= name;
+}
+
+exports.OAuth2.prototype._getAccessTokenUrl= function() {
+  return this._baseSite + this._accessTokenUrl;
+}
+
+// Build the authorization header. In particular, build the part after the colon.
+// e.g. Authorization: Bearer <token>  # Build "Bearer <token>"
+exports.OAuth2.prototype.buildAuthHeader= function() {
+  var key = this._clientId + ':' + this._clientSecret;
+  var base64 = (new Buffer(key)).toString('base64');
+  return this._authMethod + ' ' + base64;
+};
+
+exports.OAuth2.prototype._request= function(method, url, headers, post_body, access_token, callback) {
+
+  var http_library= https;
+  var parsedUrl= URL.parse( url, true );
+  if( parsedUrl.protocol == "https:" && !parsedUrl.port ) {
+    parsedUrl.port= 443;
+  }
+
+  // As this is OAUth2, we *assume* https unless told explicitly otherwise.
+  if( parsedUrl.protocol != "https:" ) {
+    http_library= http;
+  }
+
+  var realHeaders= {};
+  for( var key in this._customHeaders ) {
+    realHeaders[key]= this._customHeaders[key];
+  }
+  if( headers ) {
+    for(var key in headers) {
+      realHeaders[key] = headers[key];
+    }
+  }
+  realHeaders['Host']= parsedUrl.host;
+
+  //realHeaders['Content-Length']= post_body ? Buffer.byteLength(post_body) : 0;
+  if( access_token && !('Authorization' in realHeaders)) {
+    if( ! parsedUrl.query ) parsedUrl.query= {};
+    parsedUrl.query[this._accessTokenName]= access_token;
+  }
+
+  var queryStr= querystring.stringify(parsedUrl.query);
+  if( queryStr ) queryStr=  "?" + queryStr;
+  var options = {
+    host:parsedUrl.hostname,
+    port: parsedUrl.port,
+    path: parsedUrl.pathname + queryStr,
+    method: method,
+    headers: realHeaders
+  };
+
+  this._executeRequest( http_library, options, post_body, callback );
+}
+
+exports.OAuth2.prototype._executeRequest= function( http_library, options, post_body, callback ) {
+  // Some hosts *cough* google appear to close the connection early / send no content-length header
+  // allow this behaviour.
+  var allowEarlyClose= options.host && options.host.match(".*google(apis)?.com$");
+  var callbackCalled= false;
+  function passBackControl( response, result ) {
+    if(!callbackCalled) {
+      callbackCalled=true;
+      if( response.statusCode != 200 && (response.statusCode != 301) && (response.statusCode != 302) ) {
+        callback({ statusCode: response.statusCode, data: result });
+      } else {
+        callback(null, result, response);
+      }
+    }
+  }
+
+  var result= "";
+
+  var request = http_library.request(options, function (response) {
+    response.on("data", function (chunk) {
+      result+= chunk
+    });
+    response.on("close", function (err) {
+      if( allowEarlyClose ) {
+        passBackControl( response, result );
+      }
+    });
+    response.addListener("end", function () {
+      passBackControl( response, result );
+    });
+  });
+  request.on('error', function(e) {
+    callbackCalled= true;
+    callback(e);
+  });
+
+  if(options.method == 'POST' && post_body) {
+     request.write(post_body);
+  }
+  request.end();  
+}
+
+exports.OAuth2.prototype.getAuthorizeUrl= function() {
+  return this._baseSite + this._authorizeUrl + '?response_type=code&client_id=' + this._clientId + '&state=xyz&redirect_uri=' + this._callbackURL;
+}
+
+exports.OAuth2.prototype.getOAuthAccessToken= function(code, callback) {
+
+  var post_data = 'grant_type=authorization_code&code=' + code + '&redirect_uri=' + this._callbackURL;
+
+  var post_headers= {
+       'Authorization': this.buildAuthHeader(),
+       'Content-Type': 'application/x-www-form-urlencoded'
+   };
+
+  this._request("POST", this._getAccessTokenUrl(), post_headers, post_data, null, function(error, data, response) {
+    if( error )  callback(error);
+    else {
+      var results;
+      try {
+        // As of http://tools.ietf.org/html/draft-ietf-oauth-v2-07
+        // responses should be in JSON
+        results= JSON.parse(data);
+      }
+      catch(e) {
+        // .... However both Facebook + Github currently use rev05 of the spec
+        // and neither seem to specify a content-type correctly in their response headers :(
+        // clients of these services will suffer a *minor* performance cost of the exception
+        // being thrown
+        results= querystring.parse(data);
+      }
+      callback(null, results);
+    }
+  });
+}
+
+exports.OAuth2.prototype.get= function(url, access_token, callback) {
+  this._request("GET", url, {}, "", access_token, callback);
+}

package.json

@@ -0,0 +1,23 @@
+{
+  "name": "oauth2-example-client",
+  "version": "0.1.0",
+  "description": "Oauth2 authentication example for FI-WARE GE applications",
+  "author": "GING DIT UPM",
+  "dependencies": {
+    "express": "3.x"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ging/oauth2-example-client"
+  },
+  "contributors": [
+    {
+      "name": "Alvaro Alonso",
+      "email": "aalonsog@dit.upm.es"
+    },
+    {
+      "name": "Javier Cerviño",
+      "email": "jcervino@dit.upm.es"
+    }
+  ]
+}

server.js

@@ -0,0 +1,83 @@
+var express = require('express');
+var OAuth2 = require('./oauth2').OAuth2;
+var config = require('./config');
+
+
+// Express configuration
+var app = express();
+app.use(express.logger());
+app.use(express.bodyParser());
+app.use(express.cookieParser());
+app.use(express.session({
+    secret: "skjghskdjfhbqigohqdiouk"
+}));
+
+app.configure(function () {
+    "use strict";
+    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
+    //app.use(express.logger());
+    app.use(express.static(__dirname + '/public'));
+});
+
+
+// Config data from config.js file
+var client_id = config.client_id;
+var client_secret = config.client_secret;
+var idmURL = config.idmURL;
+var callbackURL = config.callbackURL;
+
+// Creates oauth library object with the config data
+var oa = new OAuth2(client_id,
+                    client_secret,
+                    idmURL,
+                    '/oauth2/authorize',
+                    '/oauth2/token',
+                    callbackURL);
+
+// Handles requests to the main page
+app.get('/', function(req, res){
+
+    // If auth_token is not stored in a session cookie it redirects to IDM authentication portal 
+    if(!req.session.oauth_token) {
+
+        var path = oa.getAuthorizeUrl();
+        res.redirect(path);
+
+    // If auth_token is stored in a session cookie goes to the main page and prints some user data (getting it also from the session cookie) 
+    } else {
+
+        var user = JSON.parse(req.session.user);
+        res.send("Wellcome " + user.displayName + "<br> Your email address is " + user.email);
+    }
+});
+
+// Handles requests from IDM with the access code
+app.get('/login', function(req, res){
+   
+    // Using the access code goes again to the IDM to obtain the access_token
+    oa.getOAuthAccessToken(req.query.code, function (e, results){
+
+        // Stores the access_token in a session cookie
+        req.session.oauth_token = results.access_token;
+
+        var url = config.idmURL + '/user/';
+
+        // Using the access token asks the IDM for the user info
+        oa.get(url, results.access_token, function (e, response) {
+
+            // Stores the user info in a session cookie and redirects to the main page
+            req.session.user = response;
+            res.redirect('/');
+        });
+    });
+});
+
+// Handles logout requests to remove access_token from the session cookie
+app.get('/logout', function(req, res){
+
+    req.session.oauth_token = undefined;
+    res.redirect('/');
+});
+
+console.log('Server listen in port 80. Connect to localhost');
+app.listen(80);