
helsingborg-stad/gdi-auth-server


MIT License


GDI Authentication Server



Table of Contents
  1. About The Project
  2. Authentication flow
  3. Getting Started
  4. Roadmap
  5. Contributing
  6. License
  7. Acknowledgments

About The Project

Authentication using Visma Federation Services (BankId, Freja).


Authentication flow

A website that wants to authenticate an interactive user should provide

  • a login page with a (web) link to /api/v1/auth/login providing
  • a landing page that will collect access and refresh tokens from /api/v1/auth/token

sequenceDiagram
  participant Login page
  participant Landing page
  participant GDI Auth Server
  participant Visma Federation Services
  participant User
  Login page->>GDI Auth Server: GET /api/v1/auth/login?redirect_url=<landing page>&relay_state=...
  GDI Auth Server->>Visma Federation Services: Redirects to
  Visma Federation Services->>User: Collects credentials and authenticates
  Visma Federation Services->>Landing page: redirects to <landing page>?ts_session_id=...&relay_state=...
  Landing page->>GDI Auth Server: GET /api/v1/auth/token?ts_session_id=...
  Landing page->>Landing page: Landing page now has {accessToken, refreshToken}
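
The two pages from the flow above, sketched as an added example (not code from this repository). Endpoint paths and query parameter names are taken from the diagram; `AUTH_BASE`, the JSON shape of the token response, and the use of `relay_state` as a per-login value that the landing page compares on return are assumptions of this example.

```javascript
// Added example: AUTH_BASE and all sample values are assumptions, not project code.
const AUTH_BASE = 'http://localhost:3000'; // default port from "Run locally"

// Login page: build the link to the auth server. relayState should be a fresh,
// unguessable value the site remembers for this browser (e.g. in sessionStorage).
function buildLoginUrl(landingPageUrl, relayState) {
  const url = new URL('/api/v1/auth/login', AUTH_BASE);
  url.searchParams.set('redirect_url', landingPageUrl);
  url.searchParams.set('relay_state', relayState);
  return url.toString();
}

// Landing page: turn the incoming redirect into the token request URL.
// Returns null unless a session id is present and relay_state equals the value
// stored at login (assumption: the value is echoed back unchanged).
function buildTokenUrl(landingHref, expectedRelayState) {
  const params = new URL(landingHref).searchParams;
  const sessionId = params.get('ts_session_id');
  if (!sessionId || !expectedRelayState) return null;
  if (params.get('relay_state') !== expectedRelayState) return null;
  const url = new URL('/api/v1/auth/token', AUTH_BASE);
  url.searchParams.set('ts_session_id', sessionId);
  return url.toString();
}

// Landing page: exchange the session id for tokens. fetchFn is injectable so
// the function can be exercised without a running server.
async function collectTokens(landingHref, expectedRelayState, fetchFn = globalThis.fetch) {
  const tokenUrl = buildTokenUrl(landingHref, expectedRelayState);
  if (!tokenUrl) {
    throw new Error('redirect rejected: missing session id or relay_state mismatch');
  }
  const res = await fetchFn(tokenUrl);
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  // Assumed response shape, following the diagram's {accessToken, refreshToken}.
  const { accessToken, refreshToken } = await res.json();
  return { accessToken, refreshToken };
}
```

Rejecting a redirect whose `relay_state` does not match keeps the landing page from exchanging a session id that did not originate from a login this browser started.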


Getting Started

Prerequisites


Configure environment variables

In order to run, some environment variables must be defined. This is easiest to do by

  • ensuring there exists a local .env in the project root
  • copying the content from .env.example into it and changing the values to ones that make sense for your setup


Run locally

# install dependencies
yarn
# run tests
yarn test
# run tests and report coverage
yarn coverage
# start web server
yarn start
# start server on port 4000 instead of default 3000
PORT=4000 yarn start
# start with debugging output
DEBUG=* yarn start


End to end testing

Navigate to http://localhost:3000/api/v1/auth/login?redirect_url=http://localhost:3000/api/v1/auth/test-landing-page. It should take you through the authentication process and, at the end, present the issued access and refresh tokens.


Roadmap

  • Authenticate against Visma (BankId, Freja)
  • issue JWT access tokens and refresh tokens
  • access token renewal
  • handle refresh token validity
  • handle refresh token revocation


Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


License

Distributed under the MIT License. See LICENSE for more information.


Acknowledgments
