customAuthentication
Specifies a module of your own that Profound API runs to perform custom authentication and/or authorization, instead of using the Profound API User Authentication.
customAuthentication: "authentication/authorize.js"
Input: The npm express request object (required)
The request object has a property called apiRoute which contains information about the specific API being called.
Return:
To cause a response of 401 - Not Authorized, return one of the following:
null
A JavaScript object with a property named "authenticated" and a value of anything except a Boolean true.
To treat the requester as an authenticated user, return a JavaScript object with the properties below:
{
  authenticated: true, // This is to authorize or deny the request.
  user: "theUserName", // This is optional, but can be used to hook into the existing Profound API permissions checking
  roles: [], // This is optional, but can be used to hook into the existing Profound API permissions checking
  canExecute: boolean // This is optional. If you return the user or roles property, then it will not use the existing Profound API permissions checking.
}
This Custom Authentication module can perform a few different things:
1- Authenticate the requester by any means necessary, such as a database, a file, external web services, etc.
2- Assign Role(s) to the newly authenticated user.
3- Authorize the requester to perform the requested API call.
The following example is an authentication module that uses a CSV file to authenticate a caller by matching the HTTP header property "authorization" to the first column of the user lines stored in the CSV. If the caller is authenticated, that user's roles are assigned to the response.
This example shows how the built-in Profound API Role Permission Security can be combined with endless means of authentication.
const fs = require("fs");
const path = require("path");
const crypto = require("crypto");

function userListAuth(request) {
  // Invalid requester: no authorization header was sent
  if (!request.headers || !request.headers.authorization)
    return { authenticated: false };

  // Get the requester's user/password (still encoded) and hash it
  let auth = request.headers.authorization.replace("Basic ", "");
  let hashPwd = crypto.createHash("sha1").update(auth).digest("hex");

  // Get all of the users from a file (or a database, etc.)
  let userFile = path.join(__dirname, "userList.csv");
  let data = fs.readFileSync(userFile).toString().split(/\r?\n/);

  // Find the user record that has the same hash
  for (let i = 0; i < data.length; i++) {
    let parts = data[i].split(",");

    // Skip blank or malformed lines (such as the empty entry after a trailing newline),
    // which would otherwise throw on parts[1]
    if (parts.length < 2)
      continue;

    // If found -- return that user as authenticated
    if (parts[1].trim() === hashPwd)
      return { authenticated: true, user: parts[0].trim(), roleNames: parts.slice(2) };
  }

  // No matching hash -- return not authenticated
  return { authenticated: false };
}

exports.run = userListAuth;
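A hardened variant of the CSV example above, added here as an illustration and not part of the Profound API documentation: it keeps a per-user salt and scrypt hash instead of an unsalted SHA-1 of the header value, and compares the result in constant time. The in-memory USER_LINES data, its column layout, and the names makeRecord, parseBasic and scryptAuth are assumptions made for this example; the returned object uses the "authenticated", "user" and "roles" properties listed earlier on this page.

```javascript
const crypto = require("crypto");

const KEYLEN = 32; // scrypt output length in bytes

// Builds one "user,saltHex,hashHex,role,..." line (assumed layout for this example).
function makeRecord(user, password, roles) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEYLEN);
  return [user, salt.toString("hex"), hash.toString("hex"), ...roles].join(",");
}

// Constructed sample data standing in for the lines of userList.csv.
const USER_LINES = [
  makeRecord("alice", "correct horse", ["admin", "reports"]),
  makeRecord("bob", "battery staple", ["reports"]),
];

// Decodes "Basic <base64(user:password)>"; returns null for anything else.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+\/=]+)$/.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // the password may itself contain ":"
  if (sep < 1) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

function scryptAuth(request) {
  const creds = parseBasic(request.headers && request.headers.authorization);
  if (!creds) return { authenticated: false };

  for (const line of USER_LINES) {
    const [user, saltHex, hashHex, ...roles] = line.split(",").map((s) => s.trim());
    if (user !== creds.user) continue;

    const expected = Buffer.from(hashHex || "", "hex");
    // A malformed record must never match: require a full-length stored hash.
    if (expected.length !== KEYLEN || !saltHex) break;

    const salt = Buffer.from(saltHex, "hex");
    const actual = crypto.scryptSync(creds.password, salt, KEYLEN);
    // Constant-time comparison of the derived key with the stored one.
    if (crypto.timingSafeEqual(actual, expected))
      return { authenticated: true, user, roles };
    break;
  }
  return { authenticated: false };
}

exports.run = scryptAuth; // same export the page's example uses
```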