Module to authenticate angular webapps with CAS access-token protected APIs.
Originally this module was written to support The Key (Cru CAS) before it had OAuth support. This has since been added and is the recommended way of authenticating.
This module when using OAuth takes users through the following process:
- app makes a request to a managedApi without a session
- module checks URL fragment and cache for access_token (none found)
- module redirects user to The Key using the implicit OAuth grant
- user logs in and The Key redirects user back to redirect url in module configuration with access_token(The Key) in URL fragment
- app makes a request to a managedApi without a session
- module checks URL fragment and cache for access_token (found)
- module contacts The Key (casTicketPath) using access_token: access_token(The Key) and service: managedApi being requested
- Key returns a ticket to module
- module uses ticket to authenticate with auth-api(authenticationApiBaseUrl)
- auth-api returns access_token(service) to module
- original request sent with access_token(service) to service
Choose your preferred method:
- Bower:
bower install angular-cas-auth-api - NPM:
npm install --save angular-cas-auth-api - Download: angular-cas-auth-api
If you are going to use The Key (Cru CAS) as your CAS authenticator you will need to get a Client ID. send an email to [apps@cru.org](mailto:apps@cru.org?subject=New OAuth Client Request for The Key) with the subject New OAuth Client Request for The Key.
angular.module('myApp', ['cas-auth-api'])
.config(['casAuthApiProvider', function(casAuthApiProvider) {
casAuthApiProvider.configure({
requireAccessToken: true,
cacheAccessToken: true, // If true you must include lscache #optional
redirectUrl: 'http://localhost/', // URL to redirect to after OAuth Authentication #required
clientId: '1234567890', // Client ID related to redirect URL #required
oAuth: true // #required
});
}]);angular.module('myApp', ['cas-auth-api'])
.run(['$rootScope', '$window', function($rootScope, $window) {
$rootScope.$on('cas-auth-api:error', function(event, rejection) {
if ('ERR_SERVICE' === rejection.code) {
// retrieving service object failed
}
if ('ERR_TICKET' === rejection.code) {
// retrieving ticket object failed
}
if ('ERR_TOKEN' === rejection.code) {
// retrieving token object failed
}
// Redirect to `/login` with the `error_reason`.
return $window.location.href = '/login?error_reason=' + rejection.message;
});
}]);NOTE: An event cas-auth-api:error will be sent every time a responseError is emitted:
{ code: 'ERR_SERVICE', message: 'Failed to fetch service.'}{ code: 'ERR_TICKET', message: 'Failed to fetch ticket.'}{ code: 'ERR_TOKEN', message: 'Failed to fetch token.'}
Configuration defaults:
casAuthApiProvider.configure({
endpoints: {
'service': 'service',
'token': 'token/new'
},
ticketUrl: '',
maxAttempts: 3,
requireAccessToken: false,
cacheAccessToken: false,
cacheExpiresMinutes: 25,
managedApis: [],
casBaseUrl: 'https://thekey.me/cas/' ,
casLoginPath: '/login',
casTicketPath: '/api/oauth/ticket',
oAuth: false,
authenticationApiBaseUrl: 'https://auth-api.cru.org/v1'
});Catch and authenticate urls:
/**
* Add a url to the managed API list
*
* @param {string|Array.<string>} url
* @returns {*}
*/
casAuthApi.addManagedApi( 'https://ministry-view-api.cru.org/ministry_view/' );Found a bug or want to suggest something? Take a look first on the current and closed issues. If it is something new, please submit an issue.
It will be awesome if you can help us evolve angular-cas-auth-api. Want to help?
- Fork it.
npm install.- Do your magic.
- Run the tests:
gulp test. - Build:
gulp build - Create a Pull Request.
- Write tests
- refactor to ES6 with Babel
- Add support for OAuth attributes endpoint available https://thekey.me/cas/api/oauth/attributes
- Add support for expires_in parameter in the implicit OAuth response and set cache to expire at that time