function Strategy(options, verify) {
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) { throw new TypeError('HTTPBearerStrategy requires a verify callback'); }
passport.Strategy.call(this);
this.name = 'bearer';
this._verify = verify;
this._realm = options.realm || 'Users';
if (options.scope) {
this._scope = (Array.isArray(options.scope)) ? options.scope : [ options.scope ];
}
this._passReqToCallback = options.passReqToCallback;
}n/a
function Strategy(options, verify) {
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) { throw new TypeError('HTTPBearerStrategy requires a verify callback'); }
passport.Strategy.call(this);
this.name = 'bearer';
this._verify = verify;
this._realm = options.realm || 'Users';
if (options.scope) {
this._scope = (Array.isArray(options.scope)) ? options.scope : [ options.scope ];
}
this._passReqToCallback = options.passReqToCallback;
}n/a
function Strategy() {
}n/a
function Strategy(options, verify) {
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) { throw new TypeError('HTTPBearerStrategy requires a verify callback'); }
passport.Strategy.call(this);
this.name = 'bearer';
this._verify = verify;
this._realm = options.realm || 'Users';
if (options.scope) {
this._scope = (Array.isArray(options.scope)) ? options.scope : [ options.scope ];
}
this._passReqToCallback = options.passReqToCallback;
}n/a
function Strategy() {
}n/a
_challenge = function (code, desc, uri) {
var challenge = 'Bearer realm="' + this._realm + '"';
if (this._scope) {
challenge += ', scope="' + this._scope.join(' ') + '"';
}
if (code) {
challenge += ', error="' + code + '"';
}
if (desc && desc.length) {
challenge += ', error_description="' + desc + '"';
}
if (uri && uri.length) {
challenge += ', error_uri="' + uri + '"';
}
return challenge;
}...
}
if (req.query && req.query.access_token) {
if (token) { return this.fail(400); }
token = req.query.access_token;
}
if (!token) { return this.fail(this._challenge()); }
var self = this;
function verified(err, user, info) {
if (err) { return self.error(err); }
if (!user) {
if (typeof info == 'string') {
...authenticate = function (req) {
var token;
if (req.headers && req.headers.authorization) {
var parts = req.headers.authorization.split(' ');
if (parts.length == 2) {
var scheme = parts[0]
, credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {
token = credentials;
}
} else {
return this.fail(400);
}
}
if (req.body && req.body.access_token) {
if (token) { return this.fail(400); }
token = req.body.access_token;
}
if (req.query && req.query.access_token) {
if (token) { return this.fail(400); }
token = req.query.access_token;
}
if (!token) { return this.fail(this._challenge()); }
var self = this;
function verified(err, user, info) {
if (err) { return self.error(err); }
if (!user) {
if (typeof info == 'string') {
info = { message: info }
}
info = info || {};
return self.fail(self._challenge('invalid_token', info.message));
}
self.success(user, info);
}
if (self._passReqToCallback) {
this._verify(req, token, verified);
} else {
this._verify(token, verified);
}
}...
{
"name": "jaredhanson",
"email": "jaredhanson@gmail.com"
}
],
"name": "passport-http-bearer",
"optionalDependencies": {},
"readme": "# passport-http-bearer\n\n[](http://
travis-ci.org/jaredhanson/passport-http-bearer)\n[](https://coveralls.io/r/jaredhanson/passport-http-bearer)\n[](http://david-dm.org/jaredhanson/passport-http-bearer)\n\n\nHTTP Bearer authentication strategy for [Passport](http://passportjs.org/).\n\nThis module lets you authenticate HTTP requests using bearer tokens, as\nspecified by [RFC 6750](http://tools.ietf.org/html/rfc6750), in your Node.js\napplications. Bearer tokens are typically used protect API endpoints, and are\noften issued using OAuth 2.0.\n\nBy plugging into Passport, bearer token support can be easily and unobtrusively\nintegrated into any application or framework that supports\n[Connect](http://www.senchalabs.org/connect/)-style middleware, including\n[Express](http://expressjs.com/).\n\n## Install\n\n $ npm install passport-http-bearer\n\n## Usage\n\n#### Configure Strategy\n\nThe HTTP Bearer authentication strategy authenticates users using a bearer\ntoken. The strategy requires a `verify` callback, which accepts that\ncredential and calls `done` providing a user. Optional `info` can be passed,\ntypically including associated scope, which will be set by Passport at\n`req.authInfo` to be used by later middleware for authorization and access\ncontrol.\n\n passport.use(new BearerStrategy(\n function(token, done) {\n User.findOne({ token: token }, function (err, user) {\n if (err) { return done(err); }\n if (!user) { return done(null, false); }\n return done(null, user, { scope: 'all' });\n });\n }\n ));\n\n#### Authenticate Requests\n\nUse `passport.authenticate()`, specifying the `'bearer'` strategy, to\nauthenticate requests. Requests containing bearer tokens do not require session\nsupport, so the `session` option can be set to `false`.\n\nFor example, as route middleware in an [Express](http://expressjs.com/)\napplication:\n\n app.get('/profile', \n passport.authenticate('bearer', { session: false }),\n function(req, res) {\n res.json(req.user);\n });\n\n#### Issuing Tokens\n\nBearer tokens are typically issued using OAuth 2.0. [OAuth2orize](https://github.com/jaredhanson/oauth2orize)\nis a toolkit for implementing OAuth 2.0 servers and issuing bearer tokens. Once\nissued, this module can be used to authenticate tokens as described above.\n\n## Examples\n\nFor a complete, working example, refer to the [Bearer example](https://github.com/jaredhanson/passport-http-bearer/tree/master/examples/bearer).\n\n## Related Modules\n\n- [OAuth2orize](https://github.com/jaredhanson/oauth2orize) — OAuth 2.0 authorization server toolkit\n\n## Tests\n\n $ npm install\n $ npm test\n\n## Credits\n\n - [Jared Hanson](http://github.com/jaredhanson)\n\n## License\n\n[The MIT License](http://opensource.org/licenses/MIT)\n\nCopyright (c) 2011-2013 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>\n",
"readmeFilename": "README.md",
"repository": {
"type": "git",
"url": "git://github.com/jaredhanson/passport-http-bearer.git"
},
"scripts": {
"test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js"
...function Strategy() {
}n/a
function Strategy() {
}n/a
authenticate = function (req, options) {
throw new Error('Strategy#authenticate must be overridden by subclass');
}...
{
"name": "jaredhanson",
"email": "jaredhanson@gmail.com"
}
],
"name": "passport-http-bearer",
"optionalDependencies": {},
"readme": "# passport-http-bearer\n\n[](http://
travis-ci.org/jaredhanson/passport-http-bearer)\n[](https://coveralls.io/r/jaredhanson/passport-http-bearer)\n[](http://david-dm.org/jaredhanson/passport-http-bearer)\n\n\nHTTP Bearer authentication strategy for [Passport](http://passportjs.org/).\n\nThis module lets you authenticate HTTP requests using bearer tokens, as\nspecified by [RFC 6750](http://tools.ietf.org/html/rfc6750), in your Node.js\napplications. Bearer tokens are typically used protect API endpoints, and are\noften issued using OAuth 2.0.\n\nBy plugging into Passport, bearer token support can be easily and unobtrusively\nintegrated into any application or framework that supports\n[Connect](http://www.senchalabs.org/connect/)-style middleware, including\n[Express](http://expressjs.com/).\n\n## Install\n\n $ npm install passport-http-bearer\n\n## Usage\n\n#### Configure Strategy\n\nThe HTTP Bearer authentication strategy authenticates users using a bearer\ntoken. The strategy requires a `verify` callback, which accepts that\ncredential and calls `done` providing a user. Optional `info` can be passed,\ntypically including associated scope, which will be set by Passport at\n`req.authInfo` to be used by later middleware for authorization and access\ncontrol.\n\n passport.use(new BearerStrategy(\n function(token, done) {\n User.findOne({ token: token }, function (err, user) {\n if (err) { return done(err); }\n if (!user) { return done(null, false); }\n return done(null, user, { scope: 'all' });\n });\n }\n ));\n\n#### Authenticate Requests\n\nUse `passport.authenticate()`, specifying the `'bearer'` strategy, to\nauthenticate requests. Requests containing bearer tokens do not require session\nsupport, so the `session` option can be set to `false`.\n\nFor example, as route middleware in an [Express](http://expressjs.com/)\napplication:\n\n app.get('/profile', \n passport.authenticate('bearer', { session: false }),\n function(req, res) {\n res.json(req.user);\n });\n\n#### Issuing Tokens\n\nBearer tokens are typically issued using OAuth 2.0. [OAuth2orize](https://github.com/jaredhanson/oauth2orize)\nis a toolkit for implementing OAuth 2.0 servers and issuing bearer tokens. Once\nissued, this module can be used to authenticate tokens as described above.\n\n## Examples\n\nFor a complete, working example, refer to the [Bearer example](https://github.com/jaredhanson/passport-http-bearer/tree/master/examples/bearer).\n\n## Related Modules\n\n- [OAuth2orize](https://github.com/jaredhanson/oauth2orize) — OAuth 2.0 authorization server toolkit\n\n## Tests\n\n $ npm install\n $ npm test\n\n## Credits\n\n - [Jared Hanson](http://github.com/jaredhanson)\n\n## License\n\n[The MIT License](http://opensource.org/licenses/MIT)\n\nCopyright (c) 2011-2013 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>\n",
"readmeFilename": "README.md",
"repository": {
"type": "git",
"url": "git://github.com/jaredhanson/passport-http-bearer.git"
},
"scripts": {
"test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js"
...