The authentication methods are implemented with the library passport.js, each method is called an “strategy” and according to passport’s official page they have 502 strategies, we currently implement three.
User data to retrieve can be specified (if the strategy allows it) and mapped to a specific format.
To this mapped data, Group Expansion is executed adding the groups to the data.
And finally the roles and permissions if exist any for the current user are added too.
* roles and permissions are checked for every request
The user data once mapped, is send to the UI and manage by a class, which holds and process any user related information, like checking permissions, token generations and clearing the data.
auth: { type: 'none', ... oauth2: { provider: 'google', google: { ... } }, saml2: { provider: ‘okta', okta: { ... } }, ldap: { provider: 'apacheds', apacheds: { ... } } }, ... }