Skip to content

A PassportJS connector for authentication in Amphora

License

Notifications You must be signed in to change notification settings

clay/amphora-auth

Repository files navigation

Amphora Auth Coverage Status

A module for Amphora to offer authentication in Clay.

Installation & Usage

First, install the module:

npm install -s amphora-auth

Then, call the module when setting up the routes for Amphora by passing the required parameters:

// Initialize auth module
amphoraAuth({
  router // Site router
  providers, // Authentication providers
  store, // Redis Session Store
  site, // Site metadata
  storage, // DB instance
  bus // Redis bus instance
});

Authentication

This module provides local authentication in Clay with a username and password and allows for easy configuration of Oauth for authentication with third-party providers. Here's a list of the supported providers:

  • Google
  • Twitter
  • Slack
  • Cognito
  • LDAP

To get started editing in Clay, create a user account. The easiest way to do this is to create a user.yml file that looks like this:

_users:
  - # Google User
    username: <your full email address>
    provider: google
    auth: admin
  - # Local User
    username: myuser
    password: mypassword
    provider: local
    auth: admin

And import the configuration using claycli:

cat user.yml | clay import -k <local_api_key> -y localhost

Environmental Variables

The following env variables are required in order to be able to authenticate a user through the providers:

export CLAY_PROVIDER=google

export TWITTER_CONSUMER_KEY=<TWITTER_CONSUMER_KEY>
export TWITTER_CONSUMER_SECRET=<TWITTER_CONSUMER_SECRET>

export GOOGLE_CONSUMER_KEY=<GOOGLE_CONSUMER_KEY>
export GOOGLE_CONSUMER_SECRET=<GOOGLE_CONSUMER_SECRET>

export SLACK_CONSUMER_KEY=<SLACK_CONSUMER_KEY>
export SLACK_CONSUMER_SECRET=<SLACK_CONSUMER_SECRET>

export COGNITO_CONSUMER_KEY=<COGNITO_CLIENT_ID>
export COGNITO_CONSUMER_SECRET=<COGNITO_SECRET>
export COGNITO_CONSUMER_DOMAIN=<COGNITO_AUTHENICATION_DOMAIN>
export COGNITO_CONSUMER_REGION=<COGNITO_INSTANCE_REGION>

export LDAP_URL=<LDAP_URL>
export LDAP_BIND_DN=<LDAP_BIND_DN>
export LDAP_BIND_CREDENTIALS=<LDAP_BIND_CREDENTIALS>
export LDAP_SEARCH_BASE=<LDAP_SEARCH_BASE>
export LDAP_SEARCH_FILTER=<LDAP_SEARCH_FILTER>

License

MIT