Initial commit (#1)

.circleci/config.yml

@@ -0,0 +1,45 @@
+version: 2
+jobs:
+  test:
+    docker:
+      - image: circleci/node:9.2
+    steps:
+      - checkout
+      - run: yarn install
+      - run: yarn bootstrap
+      - run: yarn run flow
+      - run: yarn run test
+      - run: yarn run build
+
+  deploy:
+    docker:
+      - image: circleci/node:9.2
+    steps:
+      - checkout
+      - run: yarn install
+      - run: yarn bootstrap
+      - run: yarn run build
+      - run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
+      - run: yarn run publish
+      - run: git add -A
+      - run: git commit -a -m "Bump to version $(git describe --tag)"
+      - run: git remote rm origin
+      - run: git remote add origin https://arekkas:[email protected]/ory/hydra-consent-app-auth0.git
+      - run: git push origin
+
+workflows:
+  version: 2
+  "test and deploy":
+    jobs:
+      - test:
+          filters:
+            tags:
+              only: /.*/
+      - deploy:
+          requires:
+            - test
+          filters:
+            tags:
+              only: /.*/
+            branches:
+              ignore: /.*/

.gitignore

@@ -0,0 +1,5 @@
+node_modules/
+*.log
+*.log*
+./build
+.idea

README.md

@@ -1,2 +1,43 @@
 # hydra-consent-app-auth0
-A consent app that works with Auth0 as an Identity Provider
+
+[![CircleCI](https://circleci.com/gh/ory/hydra-consent-app-auth0/tree/master.svg?style=shield)](https://circleci.com/gh/ory/hydra-consent-app-auth0/tree/master)
+
+This repository contains a library and an exemplary express application that connects ORY Hydra with Auth0.
+
+
+
+```
+LOG_LEVEL=debug \
+    FORCE_ROOT_CLIENT_CREDENTIALS=root:secret \
+    CONSENT_URL=http://localhost:6001/auth/consent \
+    DATABASE_URL=memory \
+    ISSUER_URL=http://localhost:4444/ \
+    hydra host --dangerous-force-http
+
+LOG_LEVEL=debug \
+    HYDRA_URL=http://localhost:4444/ \
+    HYDRA_CLIENT_SECRET=secret \
+    HYDRA_CLIENT_ID=root \
+    PORT=6001 \
+    yarn start
+
+hydra token user \
+    --auth-url=http://localhost:4444/oauth2/auth \
+    --token-url=http://localhost:4444/oauth2/token \
+    --id=root \
+    --secret=secret
+```
+
+
+## Configuration
+
+AUTH0_CLIENT_ID=
+AUTH0_CLIENT_SECRET=
+AUTH0_DOMAIN=
+AUTH0_CALLBACK_URL=
+
+HYDRA_CLIENT_ID=
+HYDRA_CLIENT_SECRET=
+HYDRA_URL=
+
+COOKIE_SECRET=

docker-compose.yml

@@ -0,0 +1,37 @@
+version: '2'
+
+services:
+  hydra:
+    image: oryd/hydra:v0.10.0-alpha.21
+    networks:
+      - subnet
+    ports:
+      - "4444:4444"
+      - "4445:4445"
+    environment:
+      - CONSENT_URL=http://localhost:4446/auth/consent
+      - DATABASE_URL=memory
+      - FORCE_ROOT_CLIENT_CREDENTIALS=root:secret
+      - ISSUER=http://localhost:4444/
+      - LOG_LEVEL=debug
+    restart: unless-stopped
+    command: "host --dangerous-force-http"
+
+  consent-app:
+    build:
+      context: example/
+      dockerfile: Dockerfile
+    environment:
+      - AUTH0_CLIENT_ID=${AUTH0_CLIENT_ID}
+      - AUTH0_CLIENT_SECRET=${AUTH0_CLIENT_SECRET}
+      - AUTH0_DOMAIN=${AUTH0_DOMAIN}
+      - AUTH0_CALLBACK_URL=http://localhost:6001/auth/callback
+
+    networks:
+      - subnet
+    ports:
+      - "4446:3000"
+
+networks:
+  subnet:
+    driver: bridge

example/Dockerfile

@@ -0,0 +1,15 @@
+FROM node:9.2-alpine
+
+RUN mkdir -p /usr/src/app
+WORKDIR /usr/src/app
+
+ENV PORT=3000
+
+ADD ./package.json ./package.json
+ADD ./yarn.lock ./yarn.lock
+RUN yarn install
+
+ADD . .
+ENTRYPOINT yarn start
+
+EXPOSE 3000

example/app.js

@@ -0,0 +1,65 @@
+var express = require('express');
+var logger = require('morgan');
+var routes = require('./routes/index');
+var initializeMiddleware = require('hydra-consent-sdk').initializeMiddleware;
+var path = require('path');
+var passport = require('passport');
+var initializePassport = require('hydra-consent-sdk').initializePassport;
+var winston = require('winston');
+
+winston.level = process.env.LOG_LEVEL
+initializePassport(passport, winston)
+
+var app = express();
+
+app.locals.basePath = process.env.PUBLIC_URL
+app.locals.pageTitle = 'ORY Hydra Authentication'
+app.locals.redirectUrl = process.env.DEFAULT_REDIRECT_URL
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'jade');
+
+app.use(logger('dev'))
+
+// Initialize hydra-consent-sdk middlewares
+initializeMiddleware(app, passport)
+
+app.use(express.static(path.join(__dirname, '..', 'public')))
+
+app.use('/', routes);
+
+// catch 404 and forward to error handler
+app.use(function (req, res, next) {
+  var err = new Error('Not Found');
+  err.status = 404;
+  next(err);
+});
+
+// error handlers
+
+// development error handler
+// will print stacktrace
+if (app.get('env') === 'development') {
+  app.use(function (err, req, res, next) {
+    res.status(err.status || 500);
+    res.render('error', {
+      code: err.status || 500,
+      message: err.message,
+      error: err
+    });
+  });
+}
+
+// production error handler
+// no stacktraces leaked to user
+app.use(function (err, req, res, next) {
+  res.status(err.status || 500);
+  res.render('error', {
+    code: err.status || 500,
+    message: err.message
+  });
+});
+
+
+module.exports = app;

example/bin/www

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('example:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  var port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  var bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  var addr = server.address();
+  var bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+}

example/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "hydra-consent-auth0-example",
+  "version": "0.0.0",
+  "private": true,
+  "scripts": {
+    "start": "node ./bin/www"
+  },
+  "dependencies": {
+    "body-parser": "~1.15.1",
+    "connect-ensure-login": "^0.1.1",
+    "cookie-parser": "~1.4.3",
+    "csurf": "^1.9.0",
+    "debug": "~2.2.0",
+    "express": "~4.13.4",
+    "hydra-consent-sdk": "0.0.0",
+    "jade": "~1.11.0",
+    "morgan": "~1.7.0",
+    "passport": "^0.4.0",
+    "serve-favicon": "~2.3.0",
+    "winston": "^2.4.0"
+  }
+}

example/routes/index.js

@@ -0,0 +1,58 @@
+var express = require('express');
+var passport = require('passport');
+var consent = require('hydra-consent-sdk');
+var csrf = require('csurf');
+var winston = require('winston');
+var ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn;
+
+var auth0 = consent.auth0;
+var consentValidator= consent.consentValidator;
+var consentHandler= consent.consentHandler;
+var router = express.Router();
+
+winston.level = process.env.LOG_LEVEL;
+
+var csrfProtection = csrf({ cookie: true });
+
+// The scope we need for Auth0 to fetch profile information
+var scope = 'openid profile email';
+
+router.get(
+  '/auth/login',
+  consentValidator,
+  passport.authenticate('auth0', {
+    clientID: auth0.client.id,
+    domain: auth0.domain,
+    redirectUri: auth0.callback,
+    responseType: 'code',
+    audience: 'https://' + auth0.domain + '/userinfo',
+    scope
+  }),
+  (r, w) => {
+    w.redirect('/auth/consent');
+  }
+);
+
+router.get('/auth/logout', (r, w) => {
+  r.logout();
+  w.render('logged-out');
+});
+
+router.get(
+  '/auth/callback',
+  passport.authenticate('auth0'),
+  (r, w) => {
+    w.redirect('/auth/consent');
+  }
+);
+
+router.use('/auth/consent',
+  consentValidator,
+  ensureLoggedIn('/auth/login'),
+  csrfProtection,
+  consentHandler({
+    logger: winston
+  })
+);
+
+module.exports = router;