Date: 2017-10-05

JavaScript bindings to help you build a front-end for SuperLogin applications. Based entirely on Colin Skow's counterpart for AngularJS.

For issues and feature requests visit the issue tracker.

Features

JavaScript bindings for all core SuperLogin functionality

Cookie-less authentication protects your users from CSRF attacks

Store your authentication token in localStorage or sessionStorage

HTTP interceptor automatically sends the authentication token with every request to your configured endpoints

Automatically refreshes the token after a pre-configured portion of its duration has passed

Emits events to advise your application of any changes to authentication status

Installation

npm install superlogin-client --save

Configuration

Here is a tour of all the available configuration options:

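var config = {
  serverUrl: 'http://localhost:3000',
  baseUrl: '/auth',
  socialUrl: 'http://localhost:3001/auth',
  // Endpoints that automatically receive the authentication token
  endpoints: ['api.example.com'],
  noDefaultEndpoint: false,
  // Where the token is stored: localStorage or sessionStorage
  storage: 'local',
  // Providers available for social login and linking
  providers: ['facebook', 'twitter'],
  checkExpired: false,
  // Portion of the token's duration after which it is refreshed
  refreshThreshold: 0.5,
  timeout: 0
};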

Now let's import SuperLogin and configure it...

import superlogin from 'superlogin-client';
superlogin.configure(config);
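The endpoints list is what keeps the token from being sent to hosts you did not configure. The following is an added sketch of that check, not superlogin-client's own code: the helper names, the `Bearer <token>:<password>` header format, the session fields `token` and `password`, and the rule that the default endpoint is the page's own host are assumptions.

```javascript
// Added example: hypothetical helpers, not superlogin-client's own code.
// Decide whether a request may carry the session token, using the
// `endpoints` / `noDefaultEndpoint` options from the configuration above.
function shouldAttachToken(requestUrl, config, pageOrigin) {
  let target;
  try {
    // Relative and protocol-relative URLs resolve against the page origin.
    target = new URL(requestUrl, pageOrigin);
  } catch (err) {
    return false; // unparseable URL: never send the token
  }
  const allowed = new Set(config.endpoints || []);
  if (!config.noDefaultEndpoint) {
    allowed.add(new URL(pageOrigin).host); // assumed default: the page's own host
  }
  // Exact host comparison: a prefix or substring match would also accept
  // look-alike hosts such as 'api.example.com.other.test'.
  return allowed.has(target.host);
}

// Shaped like an HTTP client request interceptor: returns a copy of the
// request config, adding the header only for allowlisted hosts.
// Assumption: header format 'Bearer <token>:<password>' and the session
// fields `token` / `password`.
function withAuth(request, session, config, pageOrigin) {
  if (!session || !shouldAttachToken(request.url, config, pageOrigin)) {
    return request;
  }
  const headers = Object.assign({}, request.headers, {
    Authorization: 'Bearer ' + session.token + ':' + session.password
  });
  return Object.assign({}, request, { headers });
}

// Constructed sample values.
const sampleConfig = { endpoints: ['api.example.com'], noDefaultEndpoint: false };
const sampleSession = { token: 'tok', password: 'pw' };
const samplePage = 'http://localhost:3000';
```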

Events

login

superlogin.on('login', function (session) { ... });

Session is an object that contains all the session information returned by SuperLogin, along with serverTimeDiff, the difference between the server clock and the local clock.

logout

superlogin.on('logout', function (message) { ... });

Message is a message that explains why the user was logged out: 'Logged out' or 'Session expired'.

refresh

superlogin.on('refresh', function (newSession) { ... });

Broadcast when the token is refreshed.

link

superlogin.on('link', function (provider) { ... });

Broadcast when a provider has been linked to the account.

API

Returns true if the user is currently authenticated; otherwise false. (synchronous)

Returns a promise that is resolved as soon as the user has authenticated. If the user never authenticates, this promise will stay waiting forever.

Returns the config object. (synchronous)

Makes an HTTP call to verify whether the current session is valid.

Returns the current session if the user is authenticated. (synchronous)

Deletes the current session, but does not invalidate the token on the server or broadcast a logout event. (synchronous)

Returns the access url for the specified user database, or null if it is not found. (synchronous)

Returns true if the authenticated user possesses the specified role (string). (synchronous)

Returns true if the user possesses at least one of the specified possibleRoles (array). (synchronous)

Returns true if the user possesses ALL of the specified requiredRoles (array). (synchronous)

Makes an HTTP call to refresh the access token.

Checks if the session has exceeded the refresh threshold, and calls refresh if necessary.

Checks if the session has expired and logs out if the access token is no longer valid. Accounts for server time difference.
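The refresh-threshold and expiry checks described above both depend on correcting the local clock with serverTimeDiff. This is an added illustration, not the library's implementation: `sessionStatus` is a hypothetical helper, and it assumes `issued` and `expires` are server-clock timestamps in milliseconds and that `serverTimeDiff` is server time minus local time.

```javascript
// Added example: hypothetical helper, not superlogin-client's implementation.
// Assumptions: session.issued / session.expires are server-clock timestamps
// in ms; session.serverTimeDiff = server clock - local clock, in ms.
function sessionStatus(session, refreshThreshold, localNow) {
  if (!session || !(session.expires > session.issued)) {
    // Missing or malformed session: treat as expired rather than valid.
    return { expired: true, needsRefresh: false, msLeft: 0 };
  }
  // Translate the local clock into server time before comparing.
  const serverNow = localNow + (session.serverTimeDiff || 0);
  const duration = session.expires - session.issued;
  const elapsed = serverNow - session.issued;
  const msLeft = session.expires - serverNow;
  const expired = msLeft <= 0;
  return {
    expired,
    // Refresh once the configured portion of the duration has passed.
    needsRefresh: !expired && elapsed / duration > refreshThreshold,
    msLeft: Math.max(0, msLeft)
  };
}

// Constructed sample: a one-hour token, local clock 10 minutes behind the server.
const MIN = 60 * 1000;
const sampleIssued = 1700000000000;
const skewedSession = {
  issued: sampleIssued,
  expires: sampleIssued + 60 * MIN,
  serverTimeDiff: 10 * MIN
};

// Same token, but with the clock difference ignored.
const uncorrectedSession = Object.assign({}, skewedSession, { serverTimeDiff: 0 });

// At local time issued+55min the server is already at issued+65min:
// the corrected check reports expiry, the uncorrected one does not.
function compareAtLocal(localNow) {
  return {
    corrected: sessionStatus(skewedSession, 0.5, localNow),
    uncorrected: sessionStatus(uncorrectedSession, 0.5, localNow)
  };
}
```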

Passes credentials to the server to log the user in. Returns a promise that resolves with session information upon successful login, or rejects with an error message if login fails. The credentials object must contain username and password.

Passes the registration form to SuperLogin to create a new user. Returns a promise. If the server returns session information, the user is automatically logged in.

Logs out the current session and returns a promise. Deletes the session and resolves the promise no matter what. The optional message will be broadcast with the 'sl:logout' event.

Logs out ALL the user's open sessions and returns a promise. Deletes the session and resolves the promise no matter what. The optional message will be broadcast with the 'sl:logout' event.

Logs out all the user's open sessions EXCEPT the current one. Returns a promise.

Opens a popup window to authenticate the specified provider. Returns a promise that is rejected if authentication fails, or the popup is closed prematurely. Also rejects if the provider is not present in the providers list in the config.

Login using an access_token obtained by the client for the specified provider. This is useful for PhoneGap and native plugins. Rejects if the provider is not present in the providers list in the config.

Opens a popup window to link provider to the already authenticated user. Returns a promise that will reject if the user is not authenticated, the popup is closed prematurely, or the link fails.

Link a provider using an access_token obtained by the client. Returns a promise.

Unlinks the specified provider from the user's account. Returns a promise.

Verifies the user's email with the SuperLogin server, using the specified token. Returns a promise. Authentication is not required. The token will be a URL parameter passed in when the user clicks on the confirmation link in the email sent by the system. Your app needs to manually extract the token from the URL and pass it in here.

Makes an HTTP request to SuperLogin to send a forgot password email to the user. Authentication is not required.

Forwards the supplied reset password form to SuperLogin. Must include token, password, and confirmPassword. The token needs to be extracted from the URL when the user clicks on the link in the password reset email.

Changes the authenticated user's password, or creates one if it has not been set. If a password already exists, then currentPassword is required. If no password is set, then only newPassword and confirmPassword are required.

Changes the authenticated user's email. If email confirmation is enabled, a new confirm email will go out, and the email will not be changed until the new address is confirmed.

Returns a promise that will resolve if the username is valid and not currently in use, or reject otherwise.

Returns a promise that will resolve if the email is valid and not currently in use, or reject otherwise.

Returns the http (Axios) client with the Authorization preset for you.