Wix Application authentication strategy for Passport.
Useful helper for Wix Application developers
$ npm install -S passport-wix-app
This module parses the instance parameter passed by Wix Applications (see documentation).
Wix sends several other parameters (not only instance). You can get their values straight from the original request: just pass passReqToCallback: true among the other Strategy options.
Additional request parameters depend on the Wix Application type. Read more on the official Wix-Dev site:
- for widget
- for page
The wix-app authentication strategy authenticates a user using the instance parameter passed by Wix.
The strategy requires options and a verify callback.

    passport.use(new WixAppStrategy({"secret": "WIX-APP-SECRET"},
      function verifyCallback (instance, done) {
        // any user-verification logic
        // ...
        // here is an example:
        User.findOne({
          application: instance.instanceId,
          userId: instance.uid
        }, function (err, user) {
          // error during verification
          if (err) { return done(err) }
          // user is not found/not authenticated
          if (!user) { return done(null, false) }
          // success:
          return done(null, user)
        })
      }
    ))

You can pass additional options to the WixAppStrategy constructor:

    new WixAppStrategy(options, callback)

The available options are:
- passReqToCallback - determines whether to pass the incoming request (req) to the verify callback
- secret - Optional, defaults to null. Defines the secret assigned to your Wix Application. Note that you can omit secret at the configuration step and pass secret at request handling, when the app calls the passport.authenticate() method.
The verification callback will be called with several params (see passReqToCallback in the options section):
- req - optional incoming Express request (passed if the passReqToCallback option is set to true)
- instance - parsed Wix instance
- callback - the passport done function
Example of parsed instance (taken from the Wix documentation and extended with custom fields - ext):

    parsedInstance = {
      "instanceId": "bf296da1-75ce-48e6-9f72-14b7148d4fa2",
      "signDate": "2015-12-10T06:57:37.201Z",
      "uid": "da32cbf7-7f8b-4f9b-a97e-e67f3072ce92",
      "permissions": "OWNER",
      "ipAndPort": "91.199.119.13/35734",
      "vendorProductId": null,
      "originInstanceId": "c38e4e00-dcc1-433e-9e90-b332def7b342",
      "siteOwnerId": "da32cbf7-7f8b-4f9b-a97e-e67f3072ce92",
      // additional params:
      "ext": {
        "ip": "91.199.119.13",
        "port": 35734,
        // month is zero-based (11 = December); no leading zero on the hour,
        // because 06 is a legacy octal literal and a syntax error in strict mode
        "signDate": new Date(2015, 11, 10, 6, 57, 37, 201)
      },
    }

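How a signed instance value can be checked before its fields are trusted, as an added example that is not this module's own code. It assumes the format described in the Wix documentation (a base64url HMAC-SHA256 signature, a dot, then the base64url JSON payload, keyed with the app secret); parseInstance and signInstance are hypothetical names and the sample value is constructed.

```javascript
const nodeCrypto = require('crypto');

// Verify and decode an instance value of the form "<signature>.<payload>".
// Returns the parsed object, or null on any failure (fail closed).
function parseInstance(instance, secret) {
  // A missing secret (the option defaults to null) must never mean "skip the check".
  if (typeof instance !== 'string' || typeof secret !== 'string' || secret === '') {
    return null;
  }
  const dot = instance.indexOf('.');
  if (dot <= 0 || dot !== instance.lastIndexOf('.')) return null;
  const signature = Buffer.from(instance.slice(0, dot), 'base64url');
  const payload = instance.slice(dot + 1);

  // The HMAC covers the encoded payload string, so verify before decoding it.
  const expected = nodeCrypto.createHmac('sha256', secret).update(payload).digest();
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (signature.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(signature, expected)) {
    return null;
  }
  try {
    const data = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    return data !== null && typeof data === 'object' ? data : null;
  } catch (err) {
    return null;
  }
}

// Hypothetical helper: builds a constructed, signed sample for the checks below.
function signInstance(data, secret) {
  const payload = Buffer.from(JSON.stringify(data)).toString('base64url');
  const sig = nodeCrypto.createHmac('sha256', secret).update(payload).digest('base64url');
  return sig + '.' + payload;
}

const SECRET = 'WIX-APP-SECRET'; // placeholder secret, as in the page's example
const sample = signInstance(
  { instanceId: 'bf296da1-75ce-48e6-9f72-14b7148d4fa2', permissions: 'OWNER' }, SECRET);
// Same signature, different payload: must be rejected.
const [sig] = sample.split('.');
const forged = sig + '.' +
  Buffer.from('{"permissions":"OWNER","uid":"x"}').toString('base64url');

console.log(parseInstance(sample, SECRET)); // parsed object
console.log(parseInstance(forged, SECRET)); // null
console.log(parseInstance(sample, null));   // null
```
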
Use passport.authenticate(), specifying the 'wix-app' strategy, to authenticate requests.
For example, as route middleware in an Express application:

    app.post('/login',
      passport.authenticate('wix-app', { failureRedirect: '/login' }),
      function(req, res) {
        res.redirect('/');
      });

Or, with a late-loaded secret:

    app.post('/login',
      passport.authenticate('wix-app', {
        secret: 'secret-key',
        failureRedirect: '/login'
      }),
      function(req, res) {
        res.redirect('/');
      });

The passport-local module (by Jared Hanson) was used as a scaffold for this module.
Please read the LICENSE file in the root of the repository (or downloaded package).