pwix:accounts-iziam
What is it?
A login service for izIAM(©) Identity and Access Manager accounts which implements OpenID Connect 1.0 login flow.
This package is based on:
On the client side, this package defines the Meteor.loginWithIzIAM() function, which itself calls izIAM.requestCredential().
On the server side, the package calls Accounts.addAutopublishFields() with the fields brought up by the izIAM Identity and Access Manager.
How does that work?
An application that wants to take advantage of the izIAM Identity and Access Manager to manage its user accounts must first register as a client with izIAM.
Once registered, it gets a ClientId and a client secret.
It now has to:
- include the iziamLoginButton component in the appropriate place of its pages
- define the needed configuration as a private JSON structure in its server settings, for example in a private/config/server/environments.json file:

    {
        "<appname>": {
            "environments": {
                "<environment>": {
                    "private": {
                        "iziam": {
                            "comments": [
                                "openbook-dev to iziam-dev - test user for auth code grant flow"
                            ],
                            "loginStyle": "popup",
                            "popupOptions": "{ width: 900, height: 450 }",
                            "issuerUrl": "http://localhost:3003/iziam",
                            "client_id": "6eb26be8c55b44f48f2d046232e8cfac",
                            "client_secret": "edsfvgrtyhujhngbnhjkui3456789okjgfb098765432xwdcfvghjk87654xcfvgh_7654DFGH",
                            "redirect_uri": "https://slim14.trychlos.lan/_oauth/iziam",
                            "scopes": [
                                "openid",
                                "offline_access"
                            ]
                        }
                    }
                }
            }
        }
    }
This configuration manages:
- the style and size of the login dialog:
  - loginStyle: either popup or redirect, defaulting to popup.
  - popupOptions: any style option to be given to the popup, defaulting to { width: 900, height: 450 }.
- the izIAM configuration:
  - issuerUrl: MANDATORY - the URL of the izIAM.
- the client configuration, which must match the izIAM registration:
  - client_id: MANDATORY - the client identifier issued at registration time
  - client_secret: if the client wants to authenticate against the token endpoint
  - redirect_uri: one of the pre-registered allowed redirection URIs
  - resources: one or more resources asked for by your client application, defaulting to []
  - scopes: one or more scopes your client application wants to use, defaulting to [ "openid" ]
  - token_endpoint_auth_method: the client authentication method, defaulting to client_secret_basic
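A startup check for the settings described above, as an added example that is not part of pwix:accounts-iziam. The names checkIziamSettings, DEFAULTS and isLoopback are hypothetical, and two rules are assumptions of this example rather than documented package behaviour: plain http is tolerated only for loopback hosts, and any client_secret_* authentication method is rejected when no client_secret is set.

```javascript
// Added example, not the package's own code. Defaults are the ones documented above.
const DEFAULTS = {
  loginStyle: 'popup',
  popupOptions: '{ width: 900, height: 450 }',
  resources: [],
  scopes: ['openid'],
  token_endpoint_auth_method: 'client_secret_basic',
};
const isLoopback = (host) => ['localhost', '127.0.0.1', '[::1]'].includes(host);

// Returns { config, errors, warnings } for one "iziam" settings block.
function checkIziamSettings(raw) {
  const config = { ...DEFAULTS, ...raw };
  const errors = [], warnings = [];
  for (const key of ['issuerUrl', 'client_id']) {
    if (!config[key]) errors.push(`${key} is mandatory`);
  }
  if (!['popup', 'redirect'].includes(config.loginStyle)) {
    errors.push('loginStyle must be "popup" or "redirect"');
  }
  // Codes, tokens and the client secret travel to these URLs (assumed rule: TLS off-loopback).
  for (const key of ['issuerUrl', 'redirect_uri']) {
    if (!config[key]) continue;
    let url;
    try { url = new URL(config[key]); } catch { errors.push(`${key} is not a valid URL`); continue; }
    if (url.protocol !== 'https:' && !isLoopback(url.hostname)) {
      errors.push(`${key} must use https outside of local development`);
    } else if (url.protocol !== 'https:') {
      warnings.push(`${key} uses plain http (local development only)`);
    }
  }
  // Assumed rule: client_secret_* methods cannot work without a secret.
  if (/^client_secret_/.test(config.token_endpoint_auth_method) && !config.client_secret) {
    errors.push(`${config.token_endpoint_auth_method} requires client_secret`);
  }
  if (!config.scopes.includes('openid')) errors.push('scopes must include "openid"');
  return { config, errors, warnings };
}

// Constructed sample modelled on the settings shown above (secret replaced by a placeholder).
const sample = {
  issuerUrl: 'http://localhost:3003/iziam',
  client_id: '6eb26be8c55b44f48f2d046232e8cfac',
  client_secret: '<client-secret-placeholder>',
  redirect_uri: 'https://slim14.trychlos.lan/_oauth/iziam',
  scopes: ['openid', 'offline_access'],
};
console.log(checkIziamSettings(sample));
```

Run against the development settings, the check reports no error and one warning for the http issuerUrl; the same issuerUrl on a non-loopback host is reported as an error.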
Provides
Functions
Meteor.loginWithIzIAM( options<Object>, ( err ) => {})
An async function which starts the OpenID login flow. It does not return any meaningful value. To be informed of the result of this function, the application has to react to the login status of the user.
Components
iziamChangeButton
A "change password" button Blaze template to be called with the following data context:
- btnClasses: a list of classes to be added to the button, defaulting to btn-outline-primary;
- btnLabel: the button label, defaulting to (translated) 'Change password'.
iziamLoginButton
A login button Blaze template to be called with the following data context:
- btnClasses: a list of classes to be added to the button, defaulting to btn-outline-primary;
- btnLabel: the button label, defaulting to (translated) 'Login with izIAM'.
- withLabel: whether to display a label in the button, defaulting to true.
- withLogo: whether to display the izIAM logo in the button, defaulting to true.
- iziamOptions: an options object to be passed to the pwix:iziam-oidc package, and which may contain any openid-client option.
iziamLogoutButton
A logout button Blaze template to be called with the following data context:
- btnClasses: a list of classes to be added to the button, defaulting to btn-outline-primary;
- btnLabel: the button label, defaulting to (translated) 'Logout'.
This button is provided for consistency only, and is in no way mandatory. Clicking on it just triggers the standard Meteor.logout() function.
Configuration
None at the moment.
NPM peer dependencies
None at the moment.
Translations
New and updated translations are willingly accepted, and more than welcome. Just be kind enough to submit a PR on the GitHub repository.
Cookies and comparable technologies
None at the moment.
P. Wieser
- Last updated on 2024, Nov. 29th