Override User Authentication

Overview

This feature allows a developer to override the default authentication mechanism for users with a custom one using a Code Service. When a user uses the /api/v/1/user/auth endpoint for authentication, his credentials will be sent to a admin defined Code Service for further processing and authentication.

Usage

You must return a JSON with, at least the following key/value pairs:


var thereWasAnError = true // placeholder output of your custom auth logic

var response = {
  authToken:"<AUTH_TOKEN",
  user_id:"<USER_ID>", // the value for <USER_ID> can be left as empty string
  options:{} // add custom key/value pairs here
}
if(thereWasAnError){
  // additional custom fields are allowed
  response.options.reason = "He is an imposter!"
  resp.error(response)
}
else{
  // additional custom fields are allowed
  response.options.reason = "Confirmed he is THE guy!";
  resp.success(response)
}
// => API Call to api/v/1/user/auth returns 
// {"user_token":"<AUTH_TOKEN","user_id":"<USER_ID>", "options":{"reason":"He is an imposter!"}}

Setup Code Service for User Authentication

Go to the Code tab and create a new Code Service. This service will get executed when a user call the /api/v/1/user/auth endpoint over REST. Go to the service settings and in the Requires tab enter clearblade as the dependency. Then in the Security tab, make sure the service is executable by an Anonymous user. Enter the following code and hit Save:

ClearBlade.init({
     systemKey: req.systemKey,
     systemSecret: req.systemSecret,
     email: req.params.email,
     password: req.params.password,
     callback: function(err, body) {
       if(err) {
         resp.error("initialization error " + JSON.stringify(body));
       } else {
         body.options = {<YOUR_OPTIONS>};
         resp.success(body);
       }
     }
});

This service will take the users credentials i.e email and password and authenticate the user. You can add password restrictions before the init call or give your own options in the body.options JSON object which will be received by the user upon successful authentication.

Setting up Authentication Override

Go into your System Settings and click the Access tab. Enter the name of the authentication Code Service that you just created and hit Save

Auth Override

User Authentication

The user can then use any of our SDKs to authenticate with the ClearBlade Platform and the authentication Code Service will be executed instead of the default authentication logic