Introduction
Like all SOAJS microservices, OAuth microservice has different layers of configuration. Local configuration, tenant-level configuration if the microservice is a multitenant one, and registry configuration. Moreover, OAuth can have a custom separate database for tokens and users.
Configuration Layers
1 - Tenant configuration
Provisioning is a configuration that all SOAJS micro-services can acquire once you turn on multi-tenant for them. Once a service becomes multi-tenant, you can provide custom tenant configuration to it at run time. If you have 2 tenants that can access the oAuth service, then the provisioned configuration for each tenant will be loaded once that tenant invokes an API in oAuth.
The below configuration is supported by the oAuth micro-service and can be configured & changed at the tenant level under the Manage Pillar.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
{ _id: "%tenant_id%", ... oauth: { secret: "tenant_oauth_secret", pin: { "%product_name%": { enabled: true } }, disabled: 0, //OAuth enabled or not type: 2,//OAuth type loginMode: "%login_mode%" }, .... } |
Follow the Configuration Steps to add and update tenant configuration for OAuth
You can change the values of the below variables to customize secret, type, and loginMode
Name | Type | Description | Example |
---|---|---|---|
secret | String | OAuth secret variable | "secret" |
type | Number | OAuth type | 1 or 2 |
loginMode | String | Oauth Login Mode | URAC or miniURAC |
2 - Environment configuration (registry)
This configuration is on the environment level. OAuth configuration can be added from SOAJS Console.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
{ _id: "%environment_id%", services: { ... config: { ... oauth: { grants: [ "password", "refresh_token" ], debug: false, getUserFromToken: true, accessTokenLifetime: 7200), refreshTokenLifetime: 1209600 }, ... } } } |
Follow the Configuration Steps to add and update environment configuration for OAuth
You can change the values of the below variables to customize grants, debug, getUserFromToken, accessTokenLifetime, and refreshTokenLifetime
Name | Type | Description | Example |
---|---|---|---|
grants | Array | Grant types | ["password"] |
debug | Boolean | Debug | false or true |
getUserFromToken | Boolean | allow to get information about user directly from token | false or true |
accessTokenLifetime | Number | access token lifetime | 7200 |
refreshTokenLifetime | Number | refresh token lifetime | 1209600 |
3 - Custom registry configuration
SOAJS oAuth supports pin login.
So what is is pin login? think of it as a fast way to login by entering a code without the need to enter the complete login information each time aka (email and password).
When is this useful? this is useful in many cases, for example in the hospitality business you might want to turn on pin login so employee can easily key in a code and quickly access the system.
Can i control the code length and type? yes check out SOAJS URAC pin configuration
4 - Separate Database for tokens and users
OAuth can have a separate database that can be added from Deploy tab in SOAJS Console → Databases
Follow the Configuration Steps below to create a database for OAuth
The database should have the name "oauth" to be used.
5 - Tenant Key Configuration (provision)
Info | ||
---|---|---|
| ||
In provision - key configuration |
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
oauth: { loginMode: "urac", //oauth login mode, roaming: { whitelistips: [ "192.168.0.1", "127.0.0.1" ] }, passportLogin: { // 3rd party integrations using passport "github": {...}, "facebook": {...}, "twitter": {...}, "google": {...}, }, azure: {...}, openam: {...}, ldapServer: {...} } |
Follow the Configuration Steps to add and update the key configuration for OAuth
You can change the values of the below variables to customize loginMode and passportLogin
Name | Type | Description | Example |
---|---|---|---|
loginMode | String | Oauth Login Mode | URAC or miniURAC |
roaming | Object | The object contains whitelistips which is an array of strings | roaming: { |
passportLogin | Object | Includes configuration of Facebook, Twitter, Google, and Github in case of 3rd party integration | Details and examples in Passport Login |
azure | Object | Azure configuration object | Details and examples in /wiki/spaces/OAUT/pages/1433927681 |
openam | Object | open-source access management configuration | Details and examples in OpenAM login |
ldapServer | Object | active directory login configuration | Details and examples in LDAP |
Useful Links
Passport Login: Define application keys for passport integration. Currently supporting Github, Twitter, Facebook, and Google. Go to the link for more information and an example of the configuration.
/wiki/spaces/OAUT/pages/1433927681: Azure Active Directory Authentication Libraries allow the integration with Azure AD.
OpenAM login: SSO (Single Sign-On).
LDAP (Lightweight Directory Access Protocol) login: Active directory login.