Skip to content

jtremback/browserid-cors

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

README.md

README.md

 
 

index.js

index.js

 
 

package.json

package.json

 
 

Repository files navigation

Build Status

This node module contains Express middleware for creating BrowserID-authenticated, CORS-enabled REST APIs.

The idea is that a static web page on any domain can send a BrowserID assertion to any number of CORS REST endpoints and receive a token back, which can be used for further authenticated access. The endpoints keep track not only of the email address of the user, but also the origin (e.g. http://foo.com) that is mediating interactions between the user and the endpoint.

This software is still in an embryonic state. Use at your own risk.

For an example of this middleware in use, see git-browserid-cors or the trivially simple manual test.

Example Scenario

For illustration, here's an example of a front-end at mysite.org communicating with two unrelated APIs at comments.org and favorites.org to provide backing services for the application:

The page at mysite.org might include the following JavaScript for logging the user in:

navigator.id.get(function(assertion) {
  $.post("https://comments.org/token", {
    assertion: assertion
  }, function(info) {
    /* Use info.accessToken for future interactions w/ the comments API
     * by either setting the 'X-Access-Token' header on requests or passing
     * 'accessToken' as a GET/POST parameter. */
  });

  $.post("https://favorites.org/token", {
    assertion: assertion
  }, function(info) {
    /* Use info.accessToken for future interactions w/ the favorites API. */
  });
}

On the server side, comments.org might consist of something akin to the following:

var express = require('express'),
    BrowserIDCORS = require('browserid-cors'),
    app = express.createServer(),
    bic = BrowserIDCORS();

app.use(express.bodyParser());
app.use(bic.fullCORS); // Shortcut for making our whole site CORS-friendly.
app.post('/token', bic.handleTokenRequest);
app.post('/comment', bic.requireAccessToken, function(req, res) {
  /* Use req.user.email to get the current user's email address, and
   * req.user.origin to get the origin of the site making this request
   * on the user's behalf. */
});

Quick Start

git clone git://github.com/toolness/browserid-cors.git
cd browserid-cors
npm install
npm test

About

Express middleware for creating BrowserID-authenticated, CORS-enabled REST APIs.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published