Skip to content
/ passport-http-api-token-bearer Public

HTTP authentication strategy for Passport with custom token name to pass via header, body or query parameter

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mabc224/passport-http-api-token-bearer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
lib
lib
 
 
.gitignore
.gitignore
 
 
.jshintrc
.jshintrc
 
 
.npmignore
.npmignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

passport-http-api-token-bearer

HTTP Bearer authentication strategy for Passport.

This module lets you authenticate HTTP requests using bearer tokens in your Node.js applications. Bearer tokens are typically used protect API endpoints, and are often issued using OAuth 2.0. You have to pass token in req.header, req.body and req.query, (priority is as mentioned)

By plugging into Passport, bearer token support can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-http-api-token-bearer

Usage

Configure Strategy

The HTTP Bearer authentication strategy authenticates users using a bearer token. The strategy requires a verify callback, which accepts that credential and calls done providing a user. Optional info can be passed, typically including associated scope or object.

This strategy will use default token name, which is `access_token`
passport.use(new BearerStrategy(
  function(token, done) {
    User.findOne({ token: token }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      return done(null, user, { scope: 'all' });
    });
  }
));

OR

passport.use(new BearerStrategy({
        access_token: 'x-access-token'      /// you can define custom access_token name here,
    },
  function(token, done) {
    User.findOne({ token: token }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false, {statusCode:404, error: true, message: "Not Found"}); }
      return done(null, user, { scope: 'all' });
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'token-bearer' strategy, to authenticate requests. Requests containing bearer tokens do not require session support, so the session option can be set to false.

For example, as route middleware in an Express application:

app.get('/profile', 
  passport.authenticate('token-bearer', { session: false }),
  function(req, res) {
    res.json(req.user);
  });

  app.all('/api/*', function(req, res, next){
      passport.authenticate('token-bearer', { session: false }, function(err, user, info) {
        return res.status(info.statusCode).json({ error: info.error, message: info.message, result: info.result });
      })(req, res);
  });

Credits

License

The MIT License

About

HTTP authentication strategy for Passport with custom token name to pass via header, body or query parameter

Topics

passport strategy bearer-token

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 1

passport-http-api-token-bearer-v1.0.1 Latest
Oct 20, 2015

Packages

No packages published

Languages