passport-keystone icon indicating copy to clipboard operation
passport-keystone copied to clipboard

Published 20 hours ago verified publisher icon eddywashere

Additional Keystone Strategies

Open bradgignac opened this issue 9 years ago • 3 comments

When attempting to use this library with on a few Rackspace projects, I realized the provided strategy is really intended for a web app where the username and password are provided on a login screen and the result of authentication is stored in the session. While this works great for a web app with a UI, it doesn't translate to building an API where an auth token is provided and must be validated using the Keystone API. In order to allow this library to work well with APIs, I'm proposing the following changes to this library:

  1. Rename Strategy to AuthenticationStrategy that corresponds to Token Authentication
  2. Add support for API key-based authentication to AuthenticationStrategy that corresponds to Example 4.57.
  3. Add TokenValidationStrategy that corresponds to the token validation call in the admin API.
  4. Stop exporting a default strategy. Instead, use named exports to export each individual strategy.
  5. Extract a common set of models for interacting with the result of authentication and validation.
  6. Implement a Connect middleware for session expiration based on token expiration.

Additionally, we might want some additional changes in the future:

  • Support for Keystone v3.
  • Cache the results of token validation in a store like Redis or Memcached.

bradgignac avatar Jul 07 '15 17:07 bradgignac

:: shakes dust off project ::

Thanks for the detailed issue! Originally just needed something to plug and play with an express web app. So many assumptions, glad you still checked this out and gave feedback.

    1. took me awhile to realize what auth types were supported, then I clicked to expand the details for the anchor link. :+1:
  • 2-4) :+1:
    1. it's been awhile, but I'm really only familiar with service catalogs, anything else out there?
    1. new project or include it here?

These items are a great proposal for a v1 release and in general a solid direction for this project. I added you as a collaborator if you've got some of these ideas to push to a branch. Also, wouldn't mind pushing this somewhere a bit more visible like github.com/rackerlabs. just give me a :+1: and I'll move it over.

eddywashere avatar Jul 07 '15 21:07 eddywashere

  1. it's been awhile, but I'm really only familiar with service catalogs, anything else out there?

It exposes the service catalog, the current user, and information about the token.

  1. new project or include it here?

It probably won't be in my first pass of work anyway since we don't actually need it for my project, so we can defer the decision.

bradgignac avatar Jul 07 '15 21:07 bradgignac

Hi Are theses issues still open ? I'm using a fork of this library, and bumped on the some of these problems, so I will develops the workaround soon.

bjamet avatar Feb 13 '17 21:02 bjamet