README
passport-aloha
This is a Strategy for use with PassportJS with the Force.com platform specificially for Aloha. It is used for authentication for Trailboss. This package is a fork of Josh Birk's passport-forcedotcom package.
Please Note that as of version 0.1.0, successful authentication now results in a standard PassportJS User Profile object.
Usage
- The package is not hosted on npm so include the dependency in your package.json
"passport-aloha": "devforce/passport-aloha#master"
- Import it into your app
var passport = require('passport');
var AlohaStrategy = require('passport-aloha').Strategy;
- Define the strategy with your application credentials and information
passport.use(new AlohaStrategy({
clientID: '{client_id}',
clientSecret: '{client_secret}',
scope: ['id', 'refresh_token'],
callbackURL: 'https://my.example.com/auth/aloha/callback'
}, function verify(token, refreshToken, profile, done) {
console.log(profile);
return done(null, profile);
}));
- And then setup some routes to hande the flow
app.get('/auth/aloha', passport.authenticate('aloha'), {
display: "page", // valid values are: "page", "popup", "touch", "mobile"
prompt: "", // valid values are: "login", "consent", or "login consent"
login_hint: ""
});
// this should match the callbackURL parameter above:
app.get('/auth/aloha/callback',
passport.authenticate('aloha', { failureRedirect: '/error' }),
function(req, res){
res.render("index",checkSession(req));
}
);
And as usual with passport, you can update the user serialization/de-serialization.
Creating a Connected App
In order to use this Strategy, you'll need to have a Connected App inside of Salesforce. See this article for detailed and up-to-date Connected App creation instructions.
Tips:
- Please note that the
client_id
is referred to as "Consumer Key" and theclient_secret
is referred to as the "Consumer Secret" in some of the UI and documentation. - Be sure to set the Connected App's callback URL to the same setting you
provided in the
new AlohaStrategy
constructor. If you're usingexpress
, then the route you attach must also correspond to this URL (e.g.app.get('/auth/aloha/callback', ...)
- to get a
photos
section in the User Profile you need to set up theapi
orchatter_api
scope when creating the Connected App.- the URL to the photo lasts for ~30 days
- if you do not need the photos, supply a
skipPhoto: true
option to theAlohaStrategy
constructor and only enable theid
scope.
Authors
- Jeff Douglas
- Joshua Birk
- Raja Rao DV
- Jared Hanson -
whose help resolved a previous issue with handling the incoming OAuth
information so that things like the
instance_url
can be readily available. - The team at GoInstant (now Salesforce) who made sure it was production worthy.
- Updates, quality of life additions, enhancements from Jason Ghent and Fabian Jakobs.
Legal
©2013-2014 salesforce.com, All Rights Reserved.
Use and distribution is licensed under the 3-Clause BSD License.