/
customAuthentication

customAuthentication

Owned by Scot Roach
Last updated: Aug 16, 2023 by Jessica Tomkins
2 min read



Specifies your module for Profound API to run to do custom authentication and/or authorization instead of using the Profound API User Authentication.


customAuthentication: "authentication/authorize.js"



Input: The npm express request object (required)

  • The request object has a property called apiRoute which contains information about the specific API being called.



Return: 

  • To cause a response of 401 - Not Authorized

    • Return Null

    • Or a JavaScript object with a property named "authenticated" and a value of anything except a Boolean true.



  • To cause an authenticated user you should return a JavaScript Object with the below properties:

{ authenticated: true, // This is to authorize to deny the request. user: "theUserName", // This is option, but can be used to hook into the existing Profound API permissions checking roles: [], // This is optional, but can be used to hook into the existing Profound API permissions checking canExecute: boolean // This is optional. If return the user or roles property, then it will not use the existing Profound API permissions checking. }





This Custom Authentication module can do perform a few different things:

1- Authenticate the requester by any means necessary, such as database, file, external web services, etc.
2- Assign Role(s) to the newly Authenticated User.
3- Authorized the requester to perform the requested API call





An example of an authentication module using a csv file to authenticate a caller based upon a http header property "authorization" to the first column of a user lines stored in csv.  And if authenticated assign that users roles to that response.

This example allows for using both the built in Profound API Role Permission Security with endless means of Authentication.

const fs = require("fs"); const path = require("path"); const crypto = require('crypto'); function userListAuth(request) { // Invalid Requester if (!request.headers || !request.headers.authorization) return { authenticated: false }; // Get the requester User/Password (is encoded) and then Hash it let auth = request.headers.authorization.replace("Basic ", ""); let hashPwd = crypto.createHash('sha1').update(auth).digest('hex'); // Get all of the users from a file (or database.. or etc) let userFile = path.join(__dirname, "userList.csv"); let data = fs.readFileSync(userFile).toString().split("\r\n"); // Find the user record that has the same hash for (let i = 0; i < data.length; i++) { let parts = data[i].split(","); // If found -- return that user as authenticated if (parts[1].trim() == hashPwd) return { authenticated: true, user: parts[0].trim(), roleNames: parts.slice(2) }; } // No matching Hash -- return not authenticated return { authenticated: false }; } exports.run = userListAuth;