Node Sample Template App for the IBM Cloud App ID service. The App ID Dashboard overwrites the manifest.yml and localdev-config.json files with the user's information when they download a Node sample app. When downloaded, you can either run the application locally or in IBM Cloud.
app.js Uses Express to set the routes.
public/index.html The application landing page. Click Login to start.
protected/protected.html The application's protected page. After clicking the Login button, the user is redirected here. This is where
we check whether the user is authorized or not. In the case where the user is not authorized, we send a request to the
authentication server to start the OAuth flow. If the user is authorized, we show the protected data.
- Node 6.0.0 or higher
Run the following commands:
npm install
npm startUse the link http://localhost:3000 to load the web application in browser.
Before you begin, make sure that IBM Cloud CLI is installed. For more information visit: https://cloud.ibm.com/docs/cli?topic=cloud-cli-getting-started.
Important: Before going live, remove http://localhost:3000/* from the list of web redirect URLs located in "Manage Authentication" -> "Authentication Settings" page in the AppID dashboard.
- Login to IBM Cloud.
ibmcloud login -a https://api.{{domain}}
- Target a Cloud Foundry organization and space in which you have at least Developer role access:
Use ibmcloud target --cf to target Cloud Foundry org/space interactively.
- Bind the sample app to the instance of App ID:
ibmcloud resource service-alias-create "appIDInstanceName-alias" --instance-name "appIDInstanceName" -s {{space}}
-
Add the alias to the manifest.yml file in the sample app.
applications: - name: [app-instance-name] memory: 256M services: - appIDInstanceName-alias -
Deploy the sample application to IBM Cloud. From the app's folder do:
ibmcloud app push
-
Now configure the OAuth redirect URL at the App ID dashboard so it will approve redirecting to your cluster. Go to your App ID instance at IBM Cloud console and under Manage Authentication->Authentication Settings->Add web redirect URLs add the following URL:
https://{App Domain}/ibm/cloud/appid/callbackYou find your app's domain by visiting Cloud Foundry Apps at the IBM Cloud dashboard: https://cloud.ibm.com/resources.
-
Open your IBM Cloud app route in the browser.
Before you begin make sure that IBM Cloud CLI, docker and kubectl installed and that you have a running kubernetes cluster.
You also need an IBM Cloud container registry namespace (see https://cloud.ibm.com/kubernetes/registry/main/start). You can find your registry domain and repository namespace using ibmcloud cr namespaces.
Important: Before going live, remove http://localhost:3000/* from the list of web redirect URLs located in "Manage Authentication" -> "Authentication Settings" page in the AppID dashboard.
Note: Your App ID instance name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. You can visit the App ID dashboard to change your instance name.
-
Login to IBM Cloud.
ibmcloud login -a https://api.{{domain}} -
Run the following command, it will output an export command.
ibmcloud cs cluster-config {CLUSTER_NAME} -
Set the KUBECONFIG environment variable. Copy the output from the previous command and paste it in your terminal. The command output looks similar to the following example:
export KUBECONFIG=/Users/$USER/.bluemix/plugins/container-service/clusters/mycluster/kube-config-hou02-mycluster.yml -
Bind the instance of App ID to your cluster.
ibmcloud cs cluster-service-bind {CLUSTER_NAME} default {APP_ID_INSTANCE_NAME} -
Find your cluster's public endpoint {CLUSTER_ENDPOINT}.
Note: If you are using the free version of kubernetes (with only 1 worker node) you can use your node's public IP instead, which you can find using:
ibmcloud cs workers {CLUSTER_NAME} -
Edit the kube_deployment.yml file.
- Edit the image field of the deployment section to match your image name. The name of your image should be
{REGISTRY_DOMAIN}/{REPOSITORY_NAMESPACE}/appid-node-sample:{APP_VERSION}). - Edit the Binding name field to match yours. It should be
binding-{APP_ID_INSTANCE_NAME}. - Edit redirectUri's value to include your cluster's IP. The value should be
http://{CLUSTER_ENDPOINT}/ibm/cloud/appid/callback - Optional: Change the value of metadata.namespace from default to your cluster namespace if you’re using a different namespace.
- Edit the image field of the deployment section to match your image name. The name of your image should be
-
Build your Docker image.
docker build -t {REGISTRY_DOMAIN}/{REPOSITORY_NAMESPACE}/appid-node-sample:{APP_VERSION} . -
Push the image.
docker push {REGISTRY_DOMAIN}/{REPOSITORY_NAMESPACE}/appid-node-sample:{APP_VERSION}kubectl apply -f kube_deployment.yml -
Now configure the OAuth redirect URL at the App ID dashboard so it will approve redirecting to your cluster. Go to your App ID instance at IBM Cloud console and under Manage Authentication->Authentication Settings->Add web redirect URLs add the following URL:
https://{CLUSTER_ENDPOINT}:30000/ibm/cloud/appid/callback -
You can see your sample running on Kubernetes in IBM Cloud.
open http://{CLUSTER_ENDPOINT}:30000
This sample runs on one instance and uses the session to store the authorization data. In order to run it in production mode, use services such as Redis to store the relevant data.
Join us on Slack and chat with our dev team.
https://www.youtube.com/watch?v=6roa1ZOvwtw
Copyright (c) 2019 IBM Corporation
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.