使用服务 api 保护 HTTP 端点

Question

Below is the code, where I am trying to authenticate using third party providers. My authentication call is a service api which is running in different servers. How can authenticate users in my code

//app.js
app.use(passport.initialize());
// Create our Express router
var router = express.Router();
router.route('/test')
    .get(**<first authenticate user using service api http://localhost:1000/authenticate>**, serviceController.getData);
app.listen(2000);

//authController.js
var app = express();
var router = express.Router();
router.post("/authenticate",function(req,res){
//Using third party providers like LDAP or Facebook using Passport
res.send("User authenticated");//Token will be send
});
app.listen(1000);

//authController.js - as function call it is working
var passport = require('passport');
var BasicStrategy = require('passport-http').BasicStrategy;

passport.use(new BasicStrategy(
    function (username, password, callback) {
        // Success
        //return callback(null, true);
    }
));

exports.isAuthenticated = passport.authenticate('basic', { session: false });

Is it possible to secure my api http://localhost:2000/test using LDAP or Facebook authentication. I am looking for something similar to SSO.

Expected result

When I hit http://localhost:2000/test , a request must be made to LDAP or facebook server running in http://localhost:1000/ to validate user and send the response from "User authenticated". Any help on this will be really helpful.

Answer 1

there are couple of possibilities to achieve that using node.js

• Passport Facebook; https://github.com/jaredhanson/passport-facebook
• LDAP for node.js; http://ldapjs.org/

Passport provides plenty of different possibilities to login: twitter, google, facebook, linkedin, instagram. They are pretty easy to implement as well.

Check it here: http://passportjs.org/docs