Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/andyrichardson/passport-workos
A passport.js strategy for WorkOS SSO (unofficial)
https://github.com/andyrichardson/passport-workos
oauth2 passport workos
Last synced: about 2 months ago
JSON representation
A passport.js strategy for WorkOS SSO (unofficial)
- Host: GitHub
- URL: https://github.com/andyrichardson/passport-workos
- Owner: andyrichardson
- License: mit
- Created: 2021-10-03T12:36:02.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2023-09-26T22:19:19.000Z (about 1 year ago)
- Last Synced: 2024-04-20T00:49:29.357Z (8 months ago)
- Topics: oauth2, passport, workos
- Language: TypeScript
- Homepage: https://www.npmjs.com/package/passport-workos
- Size: 234 KB
- Stars: 11
- Watchers: 4
- Forks: 4
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Passport Workos
A passport strategy for WorkOS SSO.
## Installation
```sh
npm i passport-workos passport @workos-inc/node
```## Setup
Import the strategy.
```ts
import { WorkOSSSOStrategy } from "passport-workos";
```Instantiate it with your WorkOS credentials, callbackURL, and verify function.
```ts
passport.use(
"workos",
new WorkOSSSOStrategy(
{
clientID: process.env.WORKOS_CLIENT_ID,
clientSecret: process.env.WORKOS_API_KEY,
callbackURL: "http://localhost:3000/auth/workos/callback",
},
// Verify function
(req, accessToken, refreshToken, profile, done) => {
return done(undefined, profile);
}
)
);
```Add a route for redirecting to WorkOS login.
```ts
app.get("/auth/workos/login", passport.authenticate("workos"));
```Add a route for code authorization callbacks.
```ts
app.get(
"/auth/workos/callback",
passport.authenticate("workos"),
(req, res) => {
// Do something once authenticated
// ..
res.redirect("/");
}
);
```## Consumption
### Login
The login route will redirect to a [WorkOS OAuth 2.0 authorization URL](https://workos.com/docs/reference/sso/get-authorization-url). When redirecting to this route, be sure to include one of the [supported query parameters](https://workos.com/docs/reference/sso/get-authorization-url).
#### Login with email
In the likely case where the connection can't be derived by the requesting client, middleware is advised ([see here](https://github.com/andyrichardson/passport-workos/pull/15#issuecomment-1300526716)).
```tsx
// Client entrypoint
app.use("/auth/email/login", (req, res, next) => {
const email = req.query.email;
// Your custom function to get connection for given email
const connection = await getConnectionForEmail(email);// Redirect to passport strategy with supported args
res.redirect(
url.format({
pathname: "/auth/workos/login",
query: { ...req.query, connection, login_hint: email },
})
);
});app.use("/auth/workos/login", passport.authenticate("workos"), (req, res) => {
/* ... */
});
```### Callback
This will be called by WorkOS after a successful login. Be sure to [configure the redirect URI](https://workos.com/docs/reference/sso/redirect-uri) with WorkOS.