Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

jaredhanson/passport-http-bearer

Repository files navigation

HTTP Bearer authentication strategy forPassport.

This module lets you authenticate HTTP requests usingbearer tokens,as specified byRFC 6750, in yourNode.js applications. By plugging into Passport, bearer token support can beeasily and unobtrusively integrated into any application or framework thatsupportsConnect-stylemiddleware, includingExpress.

🛠️API Reference •:heart:Sponsors

Advertisement
Node.js, Express, MongoDB & More: The Complete Bootcamp 2020
Master Node by building a real-world RESTful API and web app (with authentication, Node.js security, payments & more)

npmbuildcoverage...

Install

$ npm install passport-http-bearer

TypeScript support

$ npm install @types/passport-http-bearer

Usage

Configure Strategy

The HTTP Bearer authentication strategy authenticates users using a bearertoken. The strategy requires averify callback, which accepts thatcredential and callsdone providing a user. Optionalinfo can be passed,typically including associated scope, which will be set by Passport atreq.authInfo to be used by later middleware for authorization and accesscontrol.

passport.use(newBearerStrategy(function(token,done){User.findOne({token:token},function(err,user){if(err){returndone(err);}if(!user){returndone(null,false);}returndone(null,user,{scope:'all'});});}));

Authenticate Requests

Usepassport.authenticate(), specifying the'bearer' strategy, toauthenticate requests. Requests containing bearer tokens do not require sessionsupport, so thesession option can be set tofalse.

For example, as route middleware in anExpressapplication:

app.get('/profile',passport.authenticate('bearer',{session:false}),function(req,res){res.json(req.user);});

Issuing Tokens

Bearer tokens are typically issued using OAuth 2.0.OAuth2orizeis a toolkit for implementing OAuth 2.0 servers and issuing bearer tokens. Onceissued, this module can be used to authenticate tokens as described above.

Making authenticated requests

The HTTP Bearer authentication strategy authenticates requests based on a bearer token contained in the:

  • Authorization header field where the value is in the format{scheme} {token} and scheme is "Bearer" in this case.
  • oraccess_token body parameter
  • oraccess_token query parameter

Examples

For a complete, working example, refer to theBearer example.

Related Modules

License

The MIT License

Copyright (c) 2011-2013 Jared Hanson <https://www.jaredhanson.me/>

Sponsor this project

 

Packages

No packages published

Contributors6

[8]ページ先頭
©2009-2025 Movatter.jp