ibmid-login

Integrates with the IBM Identity and Account Management (IAM) and Accounts APIs to implement login using IBMid.

Usage no npm install needed!

<script type="module">
  import ibmidLogin from 'https://cdn.skypack.dev/ibmid-login';
</script>

README

ibmid-login

Version License: ISC Coverage Status Node.js CI

Integrates with the IBM Identity and Account Management (IAM) and Accounts APIs to implement login using IBMid.

Install

npm install ibmid-login

Usage

As a standalone module: (see JSDoc for required parameters for each method)

const { default: IBMidLogin } = require('ibmid-login')

const ibmidLogin = new IBMidLogin()
await ibmidLogin.getPasscode() // => { headers: { location: "https://identity-1.us-south.iam.cloud.ibm.com/identity/passcode" }, statusCode: 302, body: {} }

As an Express.js Router:

const express = require('express')
const app = express()

/**
 * GET  /ibmid/passcode --> Generates an IBM Cloud one-time passcode when opened in a browser
 * POST /ibmid/login --> Send { passcode: "<PASSCODE FROM IBM CLOUD>" } to start a session (cookies)
 * POST /ibmid/logout --> Clears session (cookies)
 * GET  /ibmid/users/me --> Returns current user
 * GET  /ibmid/accounts --> Returns current user's accounts
 * GET  /ibmid/accounts --> Returns current user's accounts
 * GET  /ibmid/accounts/switch --> Send ?account_id=<NEW_ACCOUNT_ID> to switch accounts
 * GET  /ibmid/resources --> Lists resource instances
 * ALL  /ibmid/resources/:resource_id --> Resource controller API for a resource - https://cloud.ibm.com/apidocs/resource-controller/resource-controller
 * ALL  /ibmid/resources/:resource_id/<path> --> Proxy requests to the service URL.
 * e.g. If resource_id is a Watson Assistant instance, /ibmid/resources/:resource_id/v1/workspaces will proxy to the instance's /v1/workspaces endpoint.
 */
app.use('/ibmid', services.ibmid.expressAdapter)
/**
 * Authenticates all routes under /protected, redirects to /login
 */
app.use('/protected', services.ibmid.expressAdapter.authenticate({ fallback_url: '/login' }))

Customization

The following options may be used to tune the behavior of this package:

  • ALLOWED_ACCOUNTS: Array of account IDs that may be used to authenticate. Users with no access to any allowed accounts will get RC 401 for their requests.
  • ALLOWED_USERS: Array of user emails that may be used to authenticate. Accepts regular expressions (for example, for domain allowlisting). Users whose emails do not match any of the expressions will get RC 401 for their requests.
  • IBMID_APIKEY: API key to delegate requests to a different user when passing requests along to IBM APIs.

Run tests

npm run test

Author

👤 Marco Cardoso

Show your support

Give a ⭐️ if this project helped you!