Home

Awesome

grant-azure

Azure Function handler for Grant

var grant = require('grant').azure({
  config: {/*configuration - see below*/}, session: {secret: 'grant'}
})

module.exports = async (context, req) => {
  var {redirect, response} = await grant(req)
  return redirect || {
    status: 200,
    headers: {'content-type': 'application/json'},
    body: JSON.stringify(response)
  }
}

Also available for AWS, Google Cloud, Vercel

ES Modules and TypeScript

Configuration

The config key expects your Grant configuration.

proxies.json

It is required to set the following requestOverrides for Grant:

{
  "$schema": "http://json.schemastore.org/proxies",
  "proxies": {
    "oauth": {
      "matchCondition": {
        "route": "{*proxy}"
      },
      "requestOverrides": {
        "backend.request.querystring.oauth_code": "{backend.request.querystring.code}",
        "backend.request.querystring.code": ""
      },
      "backendUri": "http://localhost/{proxy}"
    }
  }
}

Routes

You login by navigating to:

https://[APP].azurewebsites.net/connect/google

The redirect URL of your OAuth app have to be set to:

https://[APP].azurewebsites.net/connect/google/callback

And locally:

http://localhost:3000/connect/google
http://localhost:3000/connect/google/callback

Session

The session key expects your session configuration:

OptionDescription
nameCookie name, defaults to grant
secretCookie secret, required
cookiecookie options, defaults to {path: '/', httpOnly: true, secure: false, maxAge: null}
storeExternal session store implementation

NOTE:

Example session store implementation using Firebase:

var request = require('request-compose').client

var path = process.env.FIREBASE_PATH
var auth = process.env.FIREBASE_AUTH

module.exports = {
  get: async (sid) => {
    var {body} = await request({
      method: 'GET', url: `${path}/${sid}.json`, qs: {auth},
    })
    return body
  },
  set: async (sid, json) => {
    await request({
      method: 'PATCH', url: `${path}/${sid}.json`, qs: {auth}, json,
    })
  },
  remove: async (sid) => {
    await request({
      method: 'DELETE', url: `${path}/${sid}.json`, qs: {auth},
    })
  },
}

Handler

The Azure Function handler for Grant accepts:

ArgumentTypeDescription
reqrequiredThe request object
stateoptionalDynamic State object {dynamic: {..Grant configuration..}}

The Azure Function handler for Grant returns:

ParameterAvailabilityDescription
sessionAlwaysThe session store instance, get, set and remove methods can be used to manage the Grant session
redirectOn redirect onlyHTTP redirect controlled by Grant, your function have to return this object when present
responseBased on transportThe response data, available for transport-state and transport-session only

Examples

ExampleSessionCallback λRouting
transport-stateCookie Store{*proxy}
transport-querystringCookie Store/connect/{provider}/callback
transport-sessionFirebase Session Store/connect/{provider}/callback
dynamic-stateFirebase Session Store{*proxy}

Different routing configurations and session store types were used for example purposes only.

Configuration

All variables at the top of the Makefile with value set to ... have to be configured:

https://[project].firebaseio.com/[prefix]

{
  "rules": {
    ".read": "auth == '[key]'",
    ".write": "auth == '[key]'"
  }
}

All variables can be passed as arguments to make as well:

make plan example=transport-querystring ...

Dockerfile

Running the transport-session and the dynamic-state examples locally requires your Firebase credentials to be set in the Dockerfile as well:

ENV FIREBASE_PATH=...
ENV FIREBASE_AUTH=...

Develop

# build example locally
make build-dev
# run example locally
make run-dev

Deploy

# build Grant for deployment
make build-grant
# build Grant for transport-querystring and transport-session examples
make build-callback
# deploy Grant
make deploy

# execute only once
make init
# plan for deployment
make plan
# apply plan for deployment
make apply
# cleanup resources
make destroy