stormpath / loopback-stormpath Goto Github PK

I created the complete version of LoopBack tutorial intended to be the primary test for LoopBack-Stormpath interface you are working on. This tutorial will be the first encounter of a typical LoopBack user with Stormpath Account Management Services, so I believe that this should be rock solid before sharing with anyone.

At the moment, this sample fails because the ls-getting-started\client\js\services\lb-services code which is generated by ng-lp code generator is unaware of your StrongLoop-Stormpath interface. It seems that you will need to create the ng-lp-sp equivalent generator, which should not be a big deal.

I believe that written issues should go way ahead of just bug reports. Not only that I want to add accolades, I want to start with sharing my mind even before touching this code and a few seconds after I read this announcement that just arrived to my mailbox

For about a month I am trying to think of a way to get Stormpath team to recognize something that is very obvious to me: Authentication & User Management API is a service that needs to be planned for before even starting to write a world class application (speaking as an app developer here), meaning that Authentication & User Management API service provider ought to be able to offer guidance to their customer that reached far beyond code snippets that show how access to some API should be allowed only to folks with this specific role.

As I did not see much impact from my several support posts like this I decided to make the real case that illustrates the real need for an integration of precisely the type you just did. Please check my blog as well as the forum topics Server Side Application Structure, Client Side Application Structure and Common Infrastructure. Then realize that all this was written without me knowing anything about Strongloop at all - and you should appreciate the size of the overlap you and I have without knowing that.

However the most exciting piece is the simplicity and elegance of this StrongLoop <----> Stormpath integration. With a few characters changed in a couple of JSON files you swapped out the whole massive "user thing" from StrongLoop and plopped it where it rightfully belongs (in Stormpath's care). This is also a big atta-boy to Strongloop architecture, let's not forget that.

I dare to say that you do not have the right assessment of the value of what you did here - you need to be app architect to fully appreciate this. I am that guy and I do appreciate this!!

Quote from API Explorer documentation

By default, only the User model is exposed over REST. To expose the other models, change 
the model's public property to true in /server/model-config.json. See Exposing models for 
more information. Use caution: exposing some of these models over public API may be 
a security risk.

Can I assume that all of Stormpath models will exposed this way?

This will be used to assert that the User model stuff is working properly.

I have defined my own user called Student in Student.json like:

"name": "Student",
  "plural": "Students",
  "base": "StormpathUser",

and in model-config.json I define:

  "Student": {
    "dataSource": "stormpath",
    "public": true
  },

I get the following error:

'Account givenName is required; it cannot be null, empty, or blank.'

Is there a different way I should be defining my own user?

Without dependency "base" : "User"(Persisted in code) there are no login,logout and others methods(I see it in explorer). With User base work "logout" and "registration", but login didnt work.
What I have to do to fix the login?
on login i have resp - "login failed" even if credentials are correct

At the point
That's it! You've now fully configured your Loopback project to work with Stormpath.

attempt to run the app (either as node . or slc run) the app crashes with the error shown in the issue title.

The same application without the replacement for User in the model-config.json with '''StormpathUser''' works just fine, so this problem seems to be caused by not having the user object present anymore.

Once the User is replaced with StormpathUser and the respected datasource replacedwith stormpath entry defined as

"stormpath": {
  "name": "stormpath",
  "connector": "stormpath",
  "apiKeyId": "xxx",
  "apiKeySecret": "xxx",
  "applicationHref": "https://api.stormpath.com/v1/applications/xxx"
}

what about the other objects in the model-config.json file:

"AccessToken": {
    "dataSource": "db",
    "public": false
  },
  "ACL": {
    "dataSource": "db",
    "public": false
  },
  "RoleMapping": {
    "dataSource": "db",
    "public": false
  },
  "Role": {
    "dataSource": "db",
    "public": false
  },

All of these are normally used by LoopBack's own "security layer" and should most likely be removed

True? - or the interface is not yet complete to the level that this can be done?

This method needs to be implemented so that a StormpathUser model can be generated given a username / password pair.

See: https://github.com/strongloop/loopback/blob/master/common/models/user.js#L164 for reference.