
Authentication in Loopback Applications Against Bluemix


This article describes how to authenticate from LoopBack applications against the Single Sign On service in Bluemix so that you can leverage existing enterprise directories.


The Node.js API framework LoopBack supports third-party logins to authenticate users and to link accounts. 

Get the code from GitHub.

The Single Sign On service supports different identity providers. For example, enterprise customers typically use SAML. If customers don't have a SAML identity provider, they can install an Identity Bridge on premises, which externalizes the SAML protocol to an LDAP version 3 compliant directory. In the sample below, I use a cloud directory with some test users, but the application code would be identical when using SAML.

LoopBack leverages passport to support third-party logins via the loopback-component-passport module. The sample on GitHub shows how to authenticate against Facebook, Google, and Twitter.

To authenticate against the Single Sign On service, you need to use the passport-idaas-openidconnect module. The tricky part is getting the configuration right, since the documentation is a little light. Here is the key part of the code. So that the credentials can be read from the Bluemix context, the provider is defined programmatically rather than in a static property file.

// ssoConfig holds the Single Sign On service entry read from the Bluemix context.
var options = {
  "provider": "ibm",
  "module": "passport-idaas-openidconnect",
  "strategy": "IDaaSOIDCStrategy",
  // Client credentials and endpoints come from the bound service, not from a static file.
  "clientID": ssoConfig.credentials.clientId,
  "clientSecret": ssoConfig.credentials.secret,
  "authorizationURL": ssoConfig.credentials.authorizationEndpointUrl,
  "tokenURL": ssoConfig.credentials.tokenEndpointUrl,
  "scope": "openid",
  "response_type": "code",
  "callbackURL": "/auth/ibm/callback",
  "skipUserProfile": true,
  "issuer": ssoConfig.credentials.issuerIdentifier,
  "authScheme": "openid connect",
  "authPath": "/auth/ibm",
  "session": true,
  "failureFlash": true
};
// Register the provider under the name "ibm" with the LoopBack passport configurator.
passportConfigurator.configureProvider("ibm", options);

After this, you can log in as a user defined in the cloud directory. Check out the screenshots folder for more details.
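
The programmatic configuration above, as an added example that is not part of the original article or its GitHub sample: it builds the same options from the Bluemix VCAP_SERVICES environment variable and fails closed when a credential is missing or an endpoint is not HTTPS. The `SingleSignOn` service label, the function names, and the sample binding are assumptions.

```javascript
// Added example, not from the original article or sample repository.
// Assumption: the service is listed under the "SingleSignOn" label in VCAP_SERVICES.
const REQUIRED = ["clientId", "secret", "authorizationEndpointUrl",
                  "tokenEndpointUrl", "issuerIdentifier"];

// Reject endpoints that would send the authorization code or client secret in clear text.
function requireHttps(name, value) {
  let url;
  try { url = new URL(value); } catch (e) { throw new Error(name + " is not a valid URL"); }
  if (url.protocol !== "https:") throw new Error(name + " must use https");
  return value;
}

// Build the provider options from the VCAP_SERVICES JSON string, or throw.
function buildSsoOptions(vcapServicesJson, label) {
  const services = JSON.parse(vcapServicesJson || "{}");
  const entry = (services[label || "SingleSignOn"] || [])[0];
  if (!entry || !entry.credentials) throw new Error("Single Sign On service is not bound");
  const c = entry.credentials;
  const missing = REQUIRED.filter((k) => typeof c[k] !== "string" || c[k] === "");
  if (missing.length) throw new Error("missing credentials: " + missing.join(", "));
  return {
    provider: "ibm",
    module: "passport-idaas-openidconnect",
    strategy: "IDaaSOIDCStrategy",
    clientID: c.clientId,
    clientSecret: c.secret,
    authorizationURL: requireHttps("authorizationEndpointUrl", c.authorizationEndpointUrl),
    tokenURL: requireHttps("tokenEndpointUrl", c.tokenEndpointUrl),
    scope: "openid",
    response_type: "code",
    callbackURL: "/auth/ibm/callback",
    skipUserProfile: true,
    issuer: c.issuerIdentifier,
    authScheme: "openid connect",
    authPath: "/auth/ibm",
    session: true,
    failureFlash: true
  };
}

// Constructed sample binding; every value is a placeholder.
const SAMPLE_VCAP = JSON.stringify({ SingleSignOn: [{ credentials: {
  clientId: "example-client-id", secret: "example-secret",
  authorizationEndpointUrl: "https://sso.example.invalid/authorize",
  tokenEndpointUrl: "https://sso.example.invalid/token",
  issuerIdentifier: "sso.example.invalid" } }] });
```

In the application, the result would be passed to `passportConfigurator.configureProvider("ibm", buildSsoOptions(process.env.VCAP_SERVICES))`, so a missing binding stops startup instead of registering a half-configured provider.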



Published at DZone with permission of Niklas Heidloff, DZone MVB. See the original article here.
