
Update documentation to reflect req.authInfo support.

1 parent 8cac4ca commit 96b8e17f6a58b0f1c0d0272c2f6c5821e5db9162 @jaredhanson committed Jul 10, 2012
Showing with 10 additions and 9 deletions.
  1. +5 −3 README.md
  2. +5 −6 lib/passport-http-bearer/strategy.js
8 README.md
@@ -21,15 +21,17 @@ integrated into any application or framework that supports
The HTTP Bearer authentication strategy authenticates users using a bearer
token. The strategy requires a `validate` callback, which accepts that
-credential and calls `done` providing a user.
+credential and calls `done` providing a user. Optional `info` can be passed,
+typically including associated scope, which will be set by Passport at
+`req.authInfo` to be used by later middleware for authorization and access
+control.
passport.use(new BearerStrategy(
function(token, done) {
User.findOne({ token: token }, function (err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
- if (!sufficientScope(user, token)) { return done(new bearer.AuthenticationError('', 'insufficient_scope')); }
- return done(null, user);
+ return done(null, user, { scope: 'all' });
});
}
));
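Review bot: The new README example ends with `return done(null, user, { scope: 'all' });`, which hardcodes the same scope for every token, so anyone copying it gives all bearer tokens full scope in `req.authInfo`. Suggest taking the scope from whatever record the token lookup returns (or marking `'all'` as a placeholder in a comment) so the example shows scope as per-token data. Separately, the unchanged sentence above still says the strategy requires a `validate` callback, while the doc comment in lib/passport-http-bearer/strategy.js calls it `verify`; since this commit touches that paragraph, it is a good moment to use one name in both places.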
11 lib/passport-http-bearer/strategy.js
@@ -14,10 +14,10 @@ var passport = require('passport')
*
* Applications must supply a `verify` callback which accepts a `token`, and
* then calls the `done` callback supplying a `user`, which should be set to
- * `false` if the token is not valid. If a token-related authentication error
- * occurs, `err` should be set to an `AuthenticationError` containing relevant
- * information to be returned to the client in the authentication challenge. If
- * an exception occured, `err` should be set to a generic `Error`.
+ * `false` if the token is not valid. Additional token `info` can optionally be
+ * passed as a third argument, which will be set by Passport at `req.authInfo`,
+ * where it can be used by later middleware for access control. This is
+ * typically used to pass any scope associated with the token.
*
* Options:
* - `realm` authentication realm, defaults to "Users"
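Review bot: The rewritten doc comment no longer says anything about `err`: the removed lines were the only place that described passing an `AuthenticationError` for token-related failures and a generic `Error` for exceptions. If the strategy still handles `AuthenticationError`, keep a sentence for it; if that path is going away in favour of `info` plus later middleware, say so and keep at least the statement that `err` is for exceptions, so callers know what the first argument to `done` means.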
@@ -30,8 +30,7 @@ var passport = require('passport')
* User.findByToken({ token: token }, function (err, user) {
* if (err) { return done(err); }
* if (!user) { return done(null, false); }
- * if (!sufficientScope(user, token)) { return done(new bearer.AuthenticationError('', 'insufficient_scope')); }
- * return done(null, user);
+ * return done(null, user, { scope: 'all' });
* });
* }
* ));
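Review bot: With the `sufficientScope` line removed from this example, nothing in the doc comment shows where a token with insufficient scope is now rejected. The new text says `req.authInfo` "can be used by later middleware for access control", so suggest adding a sentence stating that the application must compare `req.authInfo.scope` against what the route requires, since the strategy no longer does it in the verify callback. Minor: this example calls `User.findByToken({ token: token }, ...)` while the README example uses `User.findOne({ token: token }, ...)`; the two copies should match.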
