Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/andyrichardson/passport-workos

A passport.js strategy for WorkOS SSO (unofficial)
https://github.com/andyrichardson/passport-workos

oauth2 passport workos

Last synced: 10 days ago
JSON representation

A passport.js strategy for WorkOS SSO (unofficial)

Host: GitHub
URL: https://github.com/andyrichardson/passport-workos
Owner: andyrichardson
License: mit
Created: 2021-10-03T12:36:02.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2023-09-26T22:19:19.000Z (about 1 year ago)
Last Synced: 2024-04-20T00:49:29.357Z (7 months ago)
Topics: oauth2, passport, workos
Language: TypeScript
Homepage: https://www.npmjs.com/package/passport-workos
Size: 234 KB
Stars: 11
Watchers: 4
Forks: 4
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        
Passport Workos

A passport strategy for WorkOS SSO.




  

  

    

  

  

    

  

  

    

  



## Installation

```sh

npm i passport-workos passport @workos-inc/node

```

## Setup

Import the strategy.

```ts

import { WorkOSSSOStrategy } from "passport-workos";

```

Instantiate it with your WorkOS credentials, callbackURL, and verify function.

```ts

passport.use(

  "workos",

  new WorkOSSSOStrategy(

    {

      clientID: process.env.WORKOS_CLIENT_ID,

      clientSecret: process.env.WORKOS_API_KEY,

      callbackURL: "http://localhost:3000/auth/workos/callback",

    },

    // Verify function

    (req, accessToken, refreshToken, profile, done) => {

      return done(undefined, profile);

    }

  )

);

```

Add a route for redirecting to WorkOS login.

```ts

app.get("/auth/workos/login", passport.authenticate("workos"));

```

Add a route for code authorization callbacks.

```ts

app.get(

  "/auth/workos/callback",

  passport.authenticate("workos"),

  (req, res) => {

    // Do something once authenticated

    // ..

    res.redirect("/");

  }

);

```

## Consumption

### Login

The login route will redirect to a [WorkOS OAuth 2.0 authorization URL](https://workos.com/docs/reference/sso/get-authorization-url). When redirecting to this route, be sure to include one of the [supported query parameters](https://workos.com/docs/reference/sso/get-authorization-url).

#### Login with email

In the likely case where the connection can't be derived by the requesting client, middleware is advised ([see here](https://github.com/andyrichardson/passport-workos/pull/15#issuecomment-1300526716)).

```tsx

// Client entrypoint

app.use("/auth/email/login", (req, res, next) => {

  const email = req.query.email;

  // Your custom function to get connection for given email

  const connection = await getConnectionForEmail(email);

  // Redirect to passport strategy with supported args

  res.redirect(

    url.format({

      pathname: "/auth/workos/login",

      query: { ...req.query, connection, login_hint: email },

    })

  );

});

app.use("/auth/workos/login", passport.authenticate("workos"), (req, res) => {

  /* ... */

});

```

### Callback

This will be called by WorkOS after a successful login. Be sure to [configure the redirect URI](https://workos.com/docs/reference/sso/redirect-uri) with WorkOS.