You must configure your instance of the Webmaker login server to allow the domain on which your app is running.
For example, if your app is running on http://localhost:7777, you should add the following to the Webmaker login server's .env:
ALLOWED_DOMAINS="http://localhost:7777"
Alternatively, you can just set ALLOWED_DOMAINS="*" to make your life easier.
npm install webmaker-auth
var WebmakerAuth = require('webmaker-auth');
// For Express 4 only
// var bodyParser = require('body-parser');
// Init
var webmakerAuth = new WebmakerAuth({
// required
loginURL: process.env.LOGIN_URL,
authLoginURL: process.env.LOGIN_URL_WITH_AUTH,
secretKey: process.env.SECRET_KEY,
// This should be an array of URLs, or undefined.
// If you pass in ["*"], all CORS domains will be allowed (don't do this on production)
allowCors: ["*"],
// The address to use when requesting a login link for a user - usually the hostname of the app.
loginHost: process.env.LOGIN_HOST_ADDRESS
// optional
domain: process.env.COOKIE_DOMAIN, // default undefined
forceSSL: process.env.FORCE_SSL // default false
// if a cookie is older than the given time (in milliseconds), refresh the userdata
refreshTime: 1000 * 60 * 5 // default 15 minutes,
// optional - if set to 'true', webmaker-auth will bypass true login and simply treat any attempt
// to log in as successful, yielding a session for user "testuser" with email "[email protected]"
testMode: false
});
// Middleware
app.use(express.json());
app.use(express.urlencoded());
// For Express 4 use these includes instead of the previous 2
// app.use(bodyParser.json());
// app.use(bodyParser.urlencoded());
app.use(webmakerAuth.cookieParser());
app.use(webmakerAuth.cookieSession());
// Routes for front end
app.post('/auth/v2/verify', webmakerAuth.handlers.verify);
app.post('/auth/v2/authenticate', webmakerAuth.handlers.authenticate);
app.post('/auth/v2/logout', webmakerAuth.handlers.logout);
app.post('/auth/v2/create', webmakerAuth.handlers.createUser);
app.post('/auth/v2/uid-exists', webmakerAuth.handlers.uidExists);
app.post('/auth/v2/request', webmakerAuth.handlers.request);
app.post('/auth/v2/authenticateToken', webmakerAuth.handlers.authenticateToken);
app.post('/auth/v2/verify-password', webmakerAuth.handlers.verifyPassword);
app.post('/auth/v2/request-reset-code', webmakerAuth.handlers.requestResetCode);
app.post('/auth/v2/reset-password', webmakerAuth.handlers.resetPassword);
// These webmaker-auth route handlers require a csrf token and a valid user session.
app.post('/auth/v2/remove-password', webmakerAuth.handlers.removePassword);
app.post('/auth/v2/enable-passwords', webmakerAuth.handlers.enablePasswords);- tests
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent