Updating SAML auth parameters, updating README

avoidwork · Aug 27, 2014 · 31b79c6 · 31b79c6
1 parent 46ca355
commit 31b79c6
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 41 deletions.
diff --git a/README.md b/README.md
@@ -150,7 +150,7 @@ Google authentication (OpenID) will create `/auth`, `/auth/google`, & `/auth/goo
 ```
 
 ### LinkedIn
-LinkedIn authentication will create `/auth`, `/auth/linkedin`, & `/auth/linkedin/callback` routes. `auth(authCode, authToken, expiresIn, callback)` must execute `callback(err, user)`.
+LinkedIn authentication will create `/auth`, `/auth/linkedin`, & `/auth/linkedin/callback` routes. `auth(token, tokenSecret, profile, callback)` must execute `callback(err, user)`.
 
 ```javascript
 {
@@ -167,17 +167,34 @@ LinkedIn authentication will create `/auth`, `/auth/linkedin`, & `/auth/linkedin
 }
 ```
 
-### Twitter
-Twitter authentication will create `/auth`, `/auth/twitter`, & `/auth/twitter/callback` routes. `auth(token, tokenSecret, profile, callback)` must execute `callback(err, user)`.
+### Local
+Local authentication will create `/login`. `auth(username, password)` must execute `callback(err, user)`.
+
+```javascript
+{
+	"auth": {
+		"local": {
+			"enabled": true,
+			"auth": function ( ... ) { ... }, /* Authentication handler, to 'find' or 'create' a User */
+		}
+		"protect": ["/private"]
+	}
+}
+```
+
+### OAuth2
+OAuth2 authentication will create `/auth`, `/auth/oauth2`, & `/auth/oauth2/callback` routes. `auth(accessToken, refreshToken, profile, callback)` must execute `callback(err, user)`.
 
 ```javascript
 {
 	"auth": {
-		"twitter": {
+		"oauth2": {
 			"enabled": true,
 			"auth": function ( ... ) { ... }, /* Authentication handler, to 'find' or 'create' a User */
-			"consumer_key": "", /* Get this from Twitter */
-			"consumer_secret": "" /* Get this from Twitter */
+			"auth_url": "", /* Authorization URL */
+			"token_url": "", /* Token URL */
+			"client_id": "", /* Get this from Facebook */
+			"client_secret": "" /* Get this from Facebook */
 		},
 		"protect": ["/private"]
 	}
@@ -197,42 +214,35 @@ Twitter authentication will create `/auth`, `/auth/twitter`, & `/auth/twitter/ca
 }
 ```
 
-### Local
-Do not protect `/`, as it'll block the authentication end points. `local` authentication will rely on sessions, so SSL is required for production servers.
+### SAML
+SAML authentication will create `/auth`, `/auth/saml`, & `/auth/saml/callback` routes. `auth(profile, callback)` must execute `callback(err, user)`.
 
+Tensō uses [passport-saml](https://github.com/bergie/passport-saml), for configuration options please visit it's homepage.
+
 ```javascript
 {
 	"auth": {
-		"local": {
+		"saml": {
 			"enabled": true,
-			"auth": function ( req, res ) {
-				if ( !req.session.authorized ) {
-					if ( ... ) {
-						req.session.authorized = true;
-					}
-					else {
-						req.session.authorized = false;
-					}
-
-					req.session.save();
-				}
-
-				if ( req.session.authorized ) {
-					this.redirect( req, res, "/stuff" );
-				}
-				else {
-					this.error( req, res, 401, "Unauthorized" );
-				}
-			},
-			"middleware": function( req, res, next ) {
-				if ( req.session.authorized ) {
-					next();
-				}
-				else {
-					res.redirect( "/login" );
-				}
-			}
-		}
+			...
+		},
+		"protect": ["/private"]
+	}
+}
+```
+
+### Twitter
+Twitter authentication will create `/auth`, `/auth/twitter`, & `/auth/twitter/callback` routes. `auth(token, tokenSecret, profile, callback)` must execute `callback(err, user)`.
+
+```javascript
+{
+	"auth": {
+		"twitter": {
+			"enabled": true,
+			"auth": function ( ... ) { ... }, /* Authentication handler, to 'find' or 'create' a User */
+			"consumer_key": "", /* Get this from Twitter */
+			"consumer_secret": "" /* Get this from Twitter */
+		},
 		"protect": ["/private"]
 	}
 }

diff --git a/lib/tenso.js b/lib/tenso.js
@@ -567,8 +567,8 @@ function auth ( obj, config ) {
 			delete config.enabled;
 			delete config.path;
 
-			passport.use( new SAMLStrategy( config, function ( accessToken, refreshToken, profile, done ) {
-				config.auth.saml.auth( accessToken, refreshToken, profile, function ( err, user ) {
+			passport.use( new SAMLStrategy( config, function ( profile, done ) {
+				config.auth.saml.auth( profile, function ( err, user ) {
 					if ( err ) {
 						delete err.stack;
 						return done( err );

diff --git a/src/auth.js b/src/auth.js
@@ -396,8 +396,8 @@ function auth ( obj, config ) {
 			delete config.enabled;
 			delete config.path;
 
-			passport.use( new SAMLStrategy( config, function ( accessToken, refreshToken, profile, done ) {
-				config.auth.saml.auth( accessToken, refreshToken, profile, function ( err, user ) {
+			passport.use( new SAMLStrategy( config, function ( profile, done ) {
+				config.auth.saml.auth( profile, function ( err, user ) {
 					if ( err ) {
 						delete err.stack;
 						return done( err );