Citrix Online authentication strategy for Passport.
This module implements a Passport strategy for authenticating against the
Citrix Online authentication process (the GoTo* products). This is a variant
of OAuth 2.0, but with differences in how the access token is requested
(GET vs POST).
To get an API key, see: https://developer.citrixonline.com
```
$ npm install passport-citrix2
```
#### Configure Strategy
The strategy requires session support, and the apiKey and callbackURL options are mandatory. The verify callback
receives the access token, the information needed to refresh the token, and the user profile, and calls done
with a user. verify should either check that the user is an existing account or initiate the process for
registering a new account.
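```javascript
var passport = require('passport');
// The module name matches the package installed above.
var CitrixStrategy = require('passport-citrix2').Strategy;

passport.use(new CitrixStrategy({
    apiKey: 'CITRIX ONLINE API KEY',
    callbackURL: "http://127.0.0.1:3000/auth/citrix/callback"
  },
  // Verify callback: User is the application's own account model.
  function(accessToken, refreshToken, accountKey, expiresIn, profile, done) {
    User.findOrCreate(accountKey, profile, function (err, user) {
      done(err, user);
    });
  }
));
```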
Note:
- For security, a callbackURL is mandatory - XSS detection state is carried via the callbackURL.
- Session support is mandatory to use this strategy.
- Only the API key (aka 'Consumer Key') provided by Citrix is needed, not the 'Consumer Secret'
Options:
- apiKey (mandatory) identifies client to Citrix Online
- callbackURL (mandatory) URL to which Citrix Online will redirect the user after obtaining authorization
- trustProxy (optional) set true if using relative callbackURL and behind reverse proxy
- sessionKey (optional) field within req.session to use for auth persistence
Where:
```javascript
accessToken = "XXX"
refreshToken = "XXX"
accountKey = "1234567890" // Unique identifier for account
expiresIn = "0123456" // Time before accessToken expires (currently approx 1 year)
profile = {
  firstName: "John",
  lastName: "Doe",
  email: "john.doe@domain.com",
}
```
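The verify callback described in this section, as an added example (not code from passport-citrix2): it keys accounts on accountKey, fails authentication for unknown accounts unless sign-up is allowed, and keeps the tokens out of the user object handed back to Passport. The `users` map, `makeVerify`, `needsRefresh`, the `allowSignup` and `now` options, and the reading of expiresIn as seconds are assumptions.

```javascript
// Added example, not passport-citrix2 code. `users` is a constructed in-memory store.
const users = new Map();

// Assumption: expiresIn is a decimal string of seconds (the OAuth 2.0 convention).
function expiryFrom(expiresIn, now) {
  const secs = Number.parseInt(expiresIn, 10);
  return Number.isFinite(secs) && secs > 0 ? now + secs * 1000 : null;
}

// Hypothetical factory; options.allowSignup and options.now are illustrative names.
function makeVerify(options) {
  const opts = options || {};
  const clock = opts.now || Date.now;
  return function verify(accessToken, refreshToken, accountKey, expiresIn, profile, done) {
    // Key accounts on accountKey (the unique identifier), never on the email address.
    if (typeof accountKey !== 'string' || accountKey.length === 0) {
      return done(new Error('missing accountKey'));
    }
    if (typeof accessToken !== 'string' || accessToken.length === 0) {
      return done(new Error('missing access token'));
    }
    let record = users.get(accountKey);
    if (!record) {
      // Passport treats `false` as "authentication failed" rather than an error.
      if (!opts.allowSignup) return done(null, false);
      record = { accountKey };
      users.set(accountKey, record);
    }
    const p = profile || {};
    record.email = String(p.email || '');
    record.name = [p.firstName, p.lastName].filter(Boolean).join(' ');
    // Tokens stay server-side in the store, next to their absolute expiry time.
    record.tokens = { accessToken, refreshToken, expiresAt: expiryFrom(expiresIn, clock()) };
    // Hand Passport only non-secret fields, so tokens cannot end up in session data.
    return done(null, { accountKey, email: record.email, name: record.name });
  };
}

// True when the stored token is missing, of unknown lifetime, or inside the skew window.
function needsRefresh(accountKey, now, skewMs) {
  const record = users.get(accountKey);
  if (!record || !record.tokens || record.tokens.expiresAt === null) return true;
  return record.tokens.expiresAt - (skewMs || 0) <= now;
}
```

Pass `makeVerify({ allowSignup: true })` as the second argument to `new CitrixStrategy(...)` in place of the inline function.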
#### Authenticate Requests
Use passport.authenticate(), specifying the 'citrix' strategy, to
authenticate requests.
For example:
```javascript
app.get('/auth',
  passport.authenticate('citrix'));

app.get('/auth/citrix/callback',
  passport.authenticate('citrix', { failureRedirect: '/auth_failed' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });
```