Authentication / SSO

The Application Server provides login delegation and account synchronization to services such as Google and Facebook.

These services allow your web application automatic integration to these services, allowing your users to login with their service credentials (such as their Facebook username and password) and synchronize their user account information with those backend services. This synchronization includes account profile information as well avatar images and other information.

Configuring external authentication services requires you to add a JSON section to the configuration passed when starting your server instance in app.js.

Currently supported service providers include:

Each of these services are implemented using the Passport.js library for Node.js. As such, the configuration of these services are very similar in nature.

This is an example configuration of a server's authentication using Facebook:

"auth": {
    "enabled": true,
    "providers": {
        "facebook": {
            "enabled": true,
            "successRedirect": "/index.html",
            "failureRedirect": "/error.html",
            "callbackUrl": "/auth/facebook/callback",
            "appId": "{Facebook App ID}",
            "appSecret": "{Facebook App Secret}",
            "passTicket": false,
            "passToken": true,
            "autoRegister": true

In the example above, your Facebook App ID and Facebook App Secret must be acquired by creating an application within Facebook using the Facebook developers dashboard. Other providers (GitHub, Google, etc) have similar developer portals for registering applications and managing keys.

Service Provider Configuration

Each service provider has a slightly unique configuration. Visit the service provider pages above for specific information depending on the one you seek the configure.

The following properties are common across all services:

Name Default Description
enabled false Whether this service is enabled
successRedirect "/index.html" The URL to redirect to if the authentication succeeds
failureRedirect "/index.html" The URL to redirect to if the authentication fails
callbackUrl "/auth/{providerId}/callback" The URL that the service connects with to complete the handshake
passTicket false Whether to pass the Gitana Ticket back to the caller with the redirect. The ticket is generated upon authentication against Cloud CMS
passToken false Whether to pass the Bearer Token that the authentication handshake receives from the provider with the redirect.
autoRegister false Whether to auto-register a user if a user isn't found for the authentication against the provider

Additional properties may be needed per-service. See each service's individual documentation for more information.


The Cloud CMS SDK provides examples of these service providers in action.

Please download the SDK to inspect the code and see how these are used in action.