By default (aka in the config/default.yml.template
file) developer auth is enabled. If you don't care how that works you can just use the config as is and you should be good to go. (It'll look something like this)
providers:
devAuth:
enabled: true
If you wish to better understand how this works, here's a bit more information.
When developer auth is enabled, users can provide the email & externalId of the user they wish to login as (or create) and recieve a valid refresh/ access token.
Request: POST /login/developer
Sample Request body:
{
"email": "[email protected]",
"externalId": "101"
}
Sample Response:
{
"message": "Login successful"
}
Sample Response Headers:
{
"Set-Cookie": "refreshToken=<token>;<cookie settings>"
}
Request: GET /users
Request headers (notice the space between Bearer
and <token>
!):
{
"Authorization": "Bearer <token>"
}
With this flag on, it enabled the /login/developer
route (see ./router/login.router.ts
for more details).
To test SAML authentication, you will need to configure an Identity Provider (IDP) for the API to authenticate against. As we don't expect anyone to just have a configured IDP laying around ready to go, this will walk through using SamlTest.id.
SamlTest.id is an IDP specifically designed for testing. To use it in this project, we can configure it as follows.
- If you haven't already, run
npm run generate-config
to generate a base config with keys. - Download the IDP metadata from https://samltest.id/saml/idp.
- Open the downladed IDP metadata xml file and pull out the two
signing
keys. - Add these to your
default.yml
config underproviders.saml.idpCerts
between the begin and end certificate tags as stubbed out for you as follows.
idpCerts:
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- Enable the SAML provider in the
default.yml
config.
saml:
name: MySAMLName
enabled: true
- At this point you should be all set to run the API for the first time, though SAML auth will not work yet.
- Go to
<api-url>/login/saml/metadata
and save the SP metadata file it presents you with. - Navigate to https://samltest.id/upload.php and upload the SP metadata from the previous step.
- Now you should be all set for local SAML testing and can try logging in.