davidsichau:accounts-eth

v2.5.3, published 3 years ago

This repo contains the davidsichau:accounts-eth package in the packages directory.

The rest is only for testing.

To use this package:

import { Login } from 'meteor/davidsichau:accounts-eth'

<Login loginStyle='redirect' loginLabel='Login Popup'/>

oAuth Helper

Helper for et oAuth Login

Getting Started

Install the package with meteor:

meteor add davidsichau:accounts-eth

Dependencies

Required Peer Dependencies

These libraries are not bundled with this package and are required at runtime:

Login

Provided Functions

The package provides a function that starts the oAuth login:

Meteor.loginWithEt({loginStyle: 'popup'}, callback);

loginStyle can be either popup or redirect, depending on the kind of login flow wanted. The function starts the oAuth login flow; when the callback is called, the user is logged in. callback is the standard callback of Meteor login methods.

Provided Components

The package provides a React component which takes care of the login.

import { Login } from 'meteor/davidsichau:accounts-eth'

<Login />

The component can be provided with the following props:

  • loginStyle: either redirect or popup, which selects the oAuth login flow. Default: iframe
  • loginLabel: the label of the popup button. Default: Login

Depending on the loginStyle, the flow differs.

redirect flow

If the user is not logged in, the component redirects the user to the oAuth login page and afterwards redirects the user back.

popup flow

The component renders a button with the class .oAuthPopupButton (which can be styled with CSS). When the user clicks the button, a popup opens with the oAuth login page. The label of the button can be set with the loginLabel prop of the Login component.

Configuration

For the package to work, the following document must be present in the meteor_accounts_loginServiceConfiguration collection:

{
    "_id" : "NKECrwdZZT6kYQfhK",
    "service" : "eth",
    "url_authorize" : "http://localhost:3010/authorize",
    "url_token" : "http://localhost:3010/token",
    "url_identity" : "http://localhost:3010/user/info",
    "secret" : "provided secret",
    "client_id" : "provided client id"
}
  • service is the name of the login service and is fixed to et.
  • url_authorize is the URL of the authorization endpoint of the oAuth Server
  • url_token is the URL of the token endpoint of the oAuth Server
  • url_identity is the URL of the identity endpoint of the oAuth Server
  • secret is the secret provided by the oAuth Server. It needs to be protected and must never be released to the client side.
  • client_id is the client id provided by the oAuth Server
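Because the secret in this document must stay on the server, it is worth validating the configuration before it is written rather than discovering a leaked placeholder or a plain-http endpoint in production. The following is an added example and not part of davidsichau:accounts-eth; the field names are the README's, while the function names, the `oauth` key under Meteor.settings and the sample values are assumptions made for this example.

```javascript
// Added example, not part of davidsichau:accounts-eth: validate the
// loginServiceConfiguration document on the server before writing it.
// Field names come from the README; function names and the `oauth`
// settings key are assumptions made for this example.

const REQUIRED_FIELDS = ['service', 'url_authorize', 'url_token', 'url_identity', 'secret', 'client_id'];
const URL_FIELDS = ['url_authorize', 'url_token', 'url_identity'];
// Values that indicate the template was copied without filling in the secret.
const PLACEHOLDER_SECRETS = new Set(['provided secret', 'changeme', 'secret']);

function isLoopback(hostname) {
  return ['localhost', '127.0.0.1', '[::1]'].includes(hostname);
}

// Returns a list of human-readable problems; an empty list means the
// document is acceptable. With production=true, plain http and loopback
// endpoints are rejected so a development configuration cannot ship by mistake.
function validateServiceConfig(doc, { production = false } = {}) {
  const problems = [];
  for (const field of REQUIRED_FIELDS) {
    if (typeof doc[field] !== 'string' || doc[field].trim() === '') {
      problems.push(`missing or empty field: ${field}`);
    }
  }
  for (const field of URL_FIELDS) {
    if (typeof doc[field] !== 'string') continue;
    let url;
    try {
      url = new URL(doc[field]);
    } catch {
      problems.push(`${field} is not a valid URL`);
      continue;
    }
    const devLoopback = url.protocol === 'http:' && isLoopback(url.hostname) && !production;
    if (url.protocol !== 'https:' && !devLoopback) {
      problems.push(`${field} must use https`);
    }
    if (production && isLoopback(url.hostname)) {
      problems.push(`${field} points at a loopback address in production`);
    }
  }
  if (typeof doc.secret === 'string' && PLACEHOLDER_SECRETS.has(doc.secret.trim().toLowerCase())) {
    problems.push('secret is still the placeholder value');
  }
  return problems;
}

// Build the document from server-only settings. Anything outside
// Meteor.settings.public stays on the server, so the secret never reaches
// the client bundle. Throws instead of writing a bad configuration.
function serviceConfigFromSettings(settings, opts) {
  const src = settings && settings.oauth;
  if (!src) throw new Error('Meteor.settings.oauth is missing');
  if (settings.public && settings.public.oauth && settings.public.oauth.secret) {
    throw new Error('oauth secret must not live under settings.public');
  }
  const doc = {};
  for (const field of REQUIRED_FIELDS) doc[field] = src[field];
  const problems = validateServiceConfig(doc, opts);
  if (problems.length > 0) {
    throw new Error('invalid oauth configuration: ' + problems.join('; '));
  }
  return doc;
}

// The README's sample document: loopback URLs and a placeholder secret.
const readmeSampleConfig = {
  service: 'eth',
  url_authorize: 'http://localhost:3010/authorize',
  url_token: 'http://localhost:3010/token',
  url_identity: 'http://localhost:3010/user/info',
  secret: 'provided secret',
  client_id: 'provided client id',
};

// Constructed sample of server-only settings for this example.
const sampleServerSettings = {
  oauth: {
    service: 'eth',
    url_authorize: 'https://sso.example.test/authorize',
    url_token: 'https://sso.example.test/token',
    url_identity: 'https://sso.example.test/user/info',
    secret: 'REPLACE-WITH-REAL-SECRET',
    client_id: 'app-client-id',
  },
};

// On a Meteor server the validated document would then be stored with
// ServiceConfiguration.configurations.upsert({ service: doc.service }, { $set: doc })
// from the service-configuration package; that call is not executed here.
```

Run validateServiceConfig on the README's sample in development mode and only the placeholder secret is reported; with `production: true` every loopback http endpoint is reported as well, which is the point of the flag.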

User Collection

If a login is successful, a new user is generated, or, if the user already exists, the user is logged in.

An example user looks like this:

{
    "_id" : "AcgweGSX36T3Bcx7o",
    "createdAt" : ISODate("2018-04-25T12:02:04.129Z"),
    "services" : {
        "et" : {
            "accessToken" : "_KjwuOetuPObuzlj3XmdEHAqnM6haSQmEvomWmlkjfs",
            "id" : "LAxF2yJ635f2KZ7ks",
            "expiresAt" : 1532439829120.0
        },
        "resume" : {
            "loginTokens" : []
        }
    },
    "profile" : {
        "userId" : "LAxF2yJ635f2KZ7ks",
        "email" : "xyz@gmail.com",
        "firstName" : "ds",
        "lastName" : "kjk",
        "gender" : "m",
        "lang" : "de",
        "organisation" : "QGm8uyspn8gK6d2fM",
        "role" : "_user_pupil",
        "service" : "google"
    }
}

In services.et the original user id on the oAuth server is stored, together with the accessToken, which is required if one wants to call any oAuth Server methods in the user context.

In profile the standard information about a user is stored. One can expect that the following fields are always provided:

userId, email, firstName, lastName, gender, lang, organisation and service. Optional fields are legiNummer and role. In service the login service that was used is stored; the following values are possible: password, eth, google and facebook.

Helper Methods

The package provides two server-side helper methods to make API calls against the oAuth Server.

callUserContext(method, url, params) and callClientContext(method, url, params) both expect the same parameters:

  • method: The HTTP method to use, such as "GET", "POST", or "HEAD".
  • url: The URL to retrieve.
  • params: Optional: Dictionary of request parameters to be encoded and placed in the URL (for GETs) or request body (for POSTs).

The helper methods take care of authenticating the request against the oAuth Server. callUserContext can only be called if a user is logged in.

To use these methods they need to be imported on the server side of the application:

import { callClientContext, callUserContext} from 'meteor/davidsichau:accounts-eth';

Webauth

Components

import { Webauth, WebauthRegister, WebauthManage } from 'meteor/davidsichau:accounts-eth'

function App() {
  // Adjacent JSX elements need a single parent; a fragment keeps the DOM unchanged.
  return (
    <>
      {/* children are rendered only once the second factor has been checked */}
      <Webauth>success</Webauth>
      {/* lets the user register a new device for webauth */}
      <WebauthRegister />
    </>
  )
}

Webauth secures the child component and requires that the second factor is checked. If no service is selected, it will by default ask to register a device.

WebauthRegister provides a component which registers a new device for webauth.

WebauthManage provides a component which lists all keys and allows removal of them.

Helper Methods

Webauth provides a server-side method to check whether the connection is secured with the second factor:

checkWebauthConnection(connectionId, userId) expects the following parameters:

  • connectionId: The id of the connection.
  • userId: The id of the user.

The method returns true if the connection is secured by second factor and false otherwise.
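checkWebauthConnection only answers the question; it is up to the application to refuse sensitive methods when the answer is false. The following guard is an added example and not code from davidsichau:accounts-eth: it wraps a Meteor method handler so the handler runs only on a connection the checker reports as secured, honours the public disableWebauth setting documented below, and fails closed when the connection id or user id is missing. The checker and the settings are injected so the guard can be exercised without Meteor; withSecondFactor and the sample connection table are assumptions made for this example.

```javascript
// Added example, not the package's own code: wrap a Meteor method handler so
// it only runs on a connection that checkWebauthConnection reports as secured
// by the second factor. Checker and settings are injected for testability;
// `withSecondFactor` and the fake checker are names assumed for this example.

function withSecondFactor(handler, { checkWebauthConnection, settings = {} }) {
  // Mirrors the README's public.disableWebauth setting for development.
  const disabled = Boolean(settings.public && settings.public.disableWebauth === true);
  return function guarded(...args) {
    // `this` is the Meteor method invocation: this.userId and this.connection.
    const userId = this && this.userId;
    const connectionId = this && this.connection && this.connection.id;
    if (!userId) throw new Error('not-authorized: login required');
    if (!disabled) {
      // Fail closed: a missing connection id or any non-true answer denies.
      if (!connectionId || checkWebauthConnection(connectionId, userId) !== true) {
        throw new Error('not-authorized: second factor required');
      }
    }
    return handler.apply(this, args);
  };
}

// Constructed stand-in for the package's checker: a table of secured
// connection/user pairs, as checkWebauthConnection would report them.
const securedConnections = new Set(['conn-1:user-1']);
function fakeCheckWebauthConnection(connectionId, userId) {
  return securedConnections.has(`${connectionId}:${userId}`);
}

// A sample method handler protected by the guard.
const deleteProject = withSecondFactor(function (projectId) {
  return `deleted ${projectId} for ${this.userId}`;
}, { checkWebauthConnection: fakeCheckWebauthConnection });

// On a Meteor server the wiring would be (not executed here):
// Meteor.methods({
//   deleteProject: withSecondFactor(handler, { checkWebauthConnection, settings: Meteor.settings }),
// });
```

Calling the guarded method with the method context `{ userId: 'user-1', connection: { id: 'conn-1' } }` runs the handler; any other connection, a missing login, or a checker that returns anything but true results in a thrown error before the handler is reached.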

Disable Webauth

To disable webauth, e.g. for development, set the following Meteor setting (https://docs.meteor.com/api/core.html#Meteor-settings):

{
  "public": {
    "disableWebauth": true
  }
}

To update the package

Run meteor publish inside the accounts-et folder to publish a new version. You should increase the version number for each update.

Useful hooks:

Accounts.onExternalLogin is called for every oAuth login. user is only defined if the user already existed.

Accounts.onExternalLogin((options, user) => {
    console.log(options);
    console.log(user);

    options.profile.blub = 'test';
    return options;
});

Use Accounts.onCreateUser to merge the oAuth data into the user document that is about to be created:

Accounts.onCreateUser((options, user) => {
    console.log('onCreateUser');
    console.log(options);
    console.log(user);

    // Spread the proposed user so createdAt and services are kept;
    // nesting it under a key would produce a user without services.
    const customizedUser = {
        ...user,
        _id: options.profile.userId,
    };

    // We still want the default hook's 'profile' behavior.
    if (options.profile) {
        customizedUser.profile = options.profile;
    }

    return customizedUser;
});
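The document returned from onCreateUser becomes the inserted user, so a missing profile.userId or an _id that is already taken turns into a confusing failure at login time. The helper below is an added example and not code from davidsichau:accounts-eth: it builds that document as a pure function, keeps the README's convention of using the oAuth server's user id as the Meteor _id, and fails closed on missing data and on an id that already exists. buildExternalUserDoc, the injected findUserById lookup and the sample input are assumptions made for this example.

```javascript
// Added example, not the package's own code: build the document an
// Accounts.onCreateUser hook returns for this package. The README convention
// (_id = oAuth user id) is kept; the lookup is injected (Meteor.users.findOne
// on a server) so the logic runs without Meteor. Names are assumptions.

function buildExternalUserDoc(options, user, findUserById) {
  const profile = options && options.profile;
  const externalId = profile && profile.userId;
  if (typeof externalId !== 'string' || externalId === '') {
    // Without the oAuth user id the account cannot be linked; refuse rather
    // than insert a user under a random _id that will never match again.
    throw new Error('external login did not supply profile.userId');
  }
  if (findUserById(externalId)) {
    // A document with this _id already exists (e.g. created via another
    // service). Surface that clearly instead of a duplicate-key error.
    throw new Error(`user ${externalId} already exists; merge accounts instead`);
  }
  if (!user || !user.services || Object.keys(user.services).length === 0) {
    throw new Error('proposed user has no services entry');
  }
  return {
    ...user,               // keep createdAt and services.<name> from Meteor
    _id: externalId,       // README convention: _id = oAuth user id
    profile: { ...profile },
  };
}

// Constructed sample input resembling what the hook receives for a first login.
const sampleOptions = {
  profile: {
    userId: 'ext-user-1',
    email: 'user@example.test',
    firstName: 'A',
    lastName: 'B',
    gender: 'f',
    lang: 'de',
    organisation: 'org-1',
    service: 'eth',
  },
};
const sampleUser = {
  _id: 'randomMeteorId',
  createdAt: new Date('2018-04-25T12:02:04.129Z'),
  services: { et: { id: 'ext-user-1', accessToken: '[constructed token]', expiresAt: 1532439829120 } },
};

// Hook wiring on a Meteor server (not executed here):
// Accounts.onCreateUser((options, user) =>
//   buildExternalUserDoc(options, user, (id) => Meteor.users.findOne({ _id: id })));
```

With an empty lookup the helper returns the sample user under _id ext-user-1 with its services and profile intact; a lookup that already knows ext-user-1, or options without profile.userId, makes it throw before anything is inserted.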