 

Meteor.js and Custom OpenId Connect server

How to do authentication via custom token server in Meteor.js?

Is there any package like accounts-google for a custom token server which handles authentication by just taking token endpoints, client id, secret, and scope as configuration parameters?

asked Feb 26 '15 19:02

Pavan Kumar


1 Answer

I don't know of a generic OAuth package. But it shouldn't be too difficult to write a package for your particular server, as there are a number of examples to look at.

Using accounts-github as an example, here's the code for making the connection on the client. Note the endpoint URL, client id, scope, etc. This will handle the popup for you, but you'll probably want to include custom CSS:

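// config, flatScope, loginStyle and credentialToken are set up earlier in the
// package's login function; this excerpt only shows how the URL is assembled.
var loginUrl =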
  'https://github.com/login/oauth/authorize' +
  '?client_id=' + config.clientId +
  '&scope=' + flatScope +
  '&redirect_uri=' + OAuth._redirectUri('github', config) +
  '&state=' + OAuth._stateParam(loginStyle, credentialToken);

OAuth.launchLogin({
  loginService: "github",
  loginStyle: loginStyle,
  loginUrl: loginUrl,
  credentialRequestCompleteCallback: credentialRequestCompleteCallback,
  credentialToken: credentialToken,
  popupOptions: {width: 900, height: 450}
});

And here's a snippet from the server side, completing the process to get an access token:

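// userAgent is a string defined elsewhere in the package (sent as User-Agent).
// Exchanges the authorization code in query.code for an access token.
var getAccessToken = function (query) {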
  var config = ServiceConfiguration.configurations.findOne({service: 'github'});
  if (!config)
    throw new ServiceConfiguration.ConfigError();

  var response;
  try {
    response = HTTP.post(
      "https://github.com/login/oauth/access_token", {
        headers: {
          Accept: 'application/json',
          "User-Agent": userAgent
        },
        params: {
          code: query.code,
          client_id: config.clientId,
          client_secret: OAuth.openSecret(config.secret),
          redirect_uri: OAuth._redirectUri('github', config),
          state: query.state
        }
      });
  } catch (err) {
    throw _.extend(new Error("Failed to complete OAuth handshake with Github. " + err.message),
                   {response: err.response});
  }
  if (response.data.error) { // if the http response was a json object with an error attribute
    throw new Error("Failed to complete OAuth handshake with GitHub. " + response.data.error);
  } else {
    return response.data.access_token;
  }
};

And utilizing the token to get the user identity:

var getIdentity = function (accessToken) {
  try {
    return HTTP.get(
      "https://api.github.com/user", {
        headers: {"User-Agent": userAgent}, // http://developer.github.com/v3/#user-agent-required
        params: {access_token: accessToken}
      }).data;
  } catch (err) {
    throw _.extend(new Error("Failed to fetch identity from Github. " + err.message),
                   {response: err.response});
  }
};

The github and the accounts-github packages should be very helpful as references.

answered Oct 23 '22 12:10

jrullmann
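
The same two steps for a configurable server instead of GitHub, in plain JavaScript; this is an added example, not code from the answer or from any Meteor package. The config fields `authorizeUrl`, `tokenUrl` and `scope`, the `expectedState` argument, and the injected `httpPost` (shaped like Meteor's server-side `HTTP.post`) are assumptions.

```javascript
// Added example. cfg.authorizeUrl, cfg.tokenUrl, expectedState and the injected
// httpPost are hypothetical names, not part of any Meteor package.

// Refuse non-HTTPS endpoints so the code and client secret never travel in clear text.
function requireHttps(url) {
  if (new URL(url).protocol !== 'https:') throw new Error('Endpoint must use https: ' + url);
  return url;
}

// Build the authorization request; URLSearchParams percent-encodes every value.
function buildLoginUrl(cfg, redirectUri, state) {
  const url = new URL(requireHttps(cfg.authorizeUrl));
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    scope: cfg.scope.join(' '),
    redirect_uri: redirectUri,
    state: state
  }).toString();
  return url.toString();
}

// Exchange the code for a token. httpPost(url, options) must behave like Meteor's
// server-side HTTP.post: throw on transport failure, return an object with `data`.
function getAccessToken(cfg, redirectUri, query, expectedState, httpPost) {
  // The state echoed by the server must match the one issued for this login.
  if (!query.state || query.state !== expectedState)
    throw new Error('State mismatch; refusing to exchange code');
  const tokenUrl = requireHttps(cfg.tokenUrl);
  let response;
  try {
    response = httpPost(tokenUrl, {
      headers: { Accept: 'application/json' },
      params: {
        grant_type: 'authorization_code',
        code: query.code,
        client_id: cfg.clientId,
        client_secret: cfg.secret,
        redirect_uri: redirectUri
      }
    });
  } catch (err) {
    throw new Error('Failed to complete OAuth handshake. ' + err.message);
  }
  const data = (response && response.data) || {};
  if (data.error || !data.access_token)
    throw new Error('Token endpoint returned no usable token: ' + (data.error || 'missing access_token'));
  return data.access_token;
}
```

In a Meteor package the `httpPost` argument would be `HTTP.post` and the secret would come from `OAuth.openSecret(config.secret)`, as in the GitHub snippet above.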