
Accessing the OAuth scope information with composer-rest-server


I have successfully built a network and can deploy it to a local instance of Hyperledger Fabric. Using the Hyperledger Composer docs here, I have two instances of composer-rest-server running - one with multi-user authentication enabled and one without, and everything is working great from that perspective.

For the REST server with multi-user authentication enabled, I have successfully set up providers for passport-github and another for passport-google-oauth using the following value for COMPOSER_PROVIDERS:

export COMPOSER_PROVIDERS='{
  "github": {
    "provider": "github",
    "module": "passport-github",
    "clientID": "<client_id>",
    "clientSecret": "<client_secret>",
    "scope": "read:user,user:email",
    "authPath": "/auth/github",
    "callbackURL": "/auth/github/callback",
    "successRedirect": "http://localhost:4200/callback",
    "failureRedirect": "http://localhost:4200/login-failed"
  },
  "google": {
    "provider": "google",
    "module": "passport-google-oauth",
    "strategy": "OAuth2Strategy",
    "clientID": "<client_id>",
    "clientSecret": "<client_secret>",
    "scope": [
      "https://www.googleapis.com/auth/plus.login",
      "https://www.googleapis.com/auth/userinfo.email",
      "https://www.googleapis.com/auth/userinfo.profile"
    ],
    "authPath": "/auth/google",
    "callbackURL": "/auth/google/callback",
    "successRedirect": "http://localhost:4200/callback",
    "failureRedirect": "http://localhost:4200/login-failed"
  }
}'

As you can see, I've specified a scope variable in both providers to try and retrieve the email+username of the user profile. This information is successfully being retrieved by Loopback during the Passport authentication process, which is great! But then the composer-rest-server uses Loopback's defaultCallback to the authentication process, which means Loopback discards all of this information and opts only to set two cookies - access_token and userId. All of the scope information is then apparently discarded and lost forever.

I can hack the composer-rest-server code in my node_modules/ to use my own custom Passport authentication callback to save this scope data for later use, but is there a recommended way?

Thank you!


My current "solution" is to add

let cb = require('../lib/custom-callback')(s, c);
c.customCallback = cb.callback();

just before

passportConfigurator.configureProvider(s, c);

inside server.js in composer-rest-server. Then I can put my own custom callback code in ../lib/custom-callback.js. But this functionality doesn't seem to be available out of the box.


Solution

  • As you know, it uses the Loopback framework under the covers, and its loopbackPassport.PassportConfigurator (and what is set). You can generate your own customised REST server (that is equivalent to Composer REST server in functionality) to customise as you wish (https://hyperledger.github.io/composer/latest/integrating/customizing-the-rest-server). This will generate a Loopback 3 application. So the recommended way would be to generate the REST server and customise accordingly.
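
One way the custom-callback module mentioned in the question could look, whether patched into composer-rest-server or placed in a generated Loopback 3 application; this is an added example, not code from the original post or from composer-rest-server. It assumes the Passport verify step passes `info.identity.profile` and `info.accessToken` to the callback and that session middleware provides `req.session`; the names `customCallback` and `pickProfile`, and the injected `passport` argument, are hypothetical.

```javascript
// Added example: hypothetical contents for lib/custom-callback.js.
// Assumptions: info.identity.profile is the Passport-normalized provider profile,
// info.accessToken is the Loopback access token, and req.session exists.

// Keep only the fields the application needs. Provider tokens and the
// raw profile blob are deliberately not copied.
function pickProfile(profile) {
  const p = profile || {};
  const emails = Array.isArray(p.emails) ? p.emails : [];
  return {
    provider: p.provider || null,
    username: p.username || p.displayName || null,
    email: emails.length ? emails[0].value : null,
  };
}

// name = provider key ("github"), config = its COMPOSER_PROVIDERS entry,
// passport = the passport instance in use (injected so the module is testable).
function customCallback(name, config, passport) {
  return {
    callback: () => (req, res, next) => {
      passport.authenticate(name, { session: true }, (err, user, info) => {
        if (err) return next(err);
        if (!user) return res.redirect(config.failureRedirect);
        req.logIn(user, (loginErr) => {
          if (loginErr) return next(loginErr);
          // Stored server-side only; the browser never receives this object.
          const identity = info && info.identity;
          req.session.profile = pickProfile(identity && identity.profile);
          if (info && info.accessToken) {
            // Same two cookies the default callback sets.
            const opts = { signed: !!req.signedCookies, maxAge: 1000 * info.accessToken.ttl };
            res.cookie('access_token', info.accessToken.id, opts);
            res.cookie('userId', String(user.id), opts);
          }
          return res.redirect(config.successRedirect);
        });
      })(req, res, next);
    },
  };
}
```

Keeping the profile in the server-side session rather than in extra cookies means the email and username cannot be read or altered by the client.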