Provides authentication for DerbyJS projects
JavaScript CSS
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Derby.js Authentication

derby-auth is no longer being maintained. There is а new derby 0.6/passportjs register/login project with projections so on -

NOTE: Please use the 0.5 branch if you're using Derby/Racer 0.5

Provides authentication middleware (using Passport) for use in your Derby projects.

Step 1

Setup derby-auth strategies and configurations

    auth = require('derby-auth'),

    // Pass in actual Passport Strategy objects as well as their configurations (see
    // Note: this means you'd need "passport-facebook" in your package.json file
    strategies = {
      facebook: {
        strategy: require('passport-facebook').Strategy,
        conf: { clientID: process.env.FACEBOOK_KEY, clientSecret: process.env.FACEBOOK_SECRET }

    // Pass in options. Domain defaults to localhost:3000, but consider it required
    // (It's a Passport technicality, if anyone has suggestions for determining domain on run-time, please message me)
    options = {
        domain: (process.env.NODE_ENV==='production' ? "" : "http://localhost:3000" )

Step 2

Initialize the Store (queries, accessControl, etc)

// initialize queries and accessControl;

Step 3

Use derby-auth's mounted middleware

// derby-auth.middleware is inserted after modelMiddleware and before the app router to pass server accessible data to a model
.use(auth.middleware(strategies, options))

Also, make sure your express app is using sessions:

# Uncomment and supply secret to add Derby session handling
# Derby session middleware creates req.session and sessions
  secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE'
  cookie: {maxAge: ONE_YEAR}

And finaly, we need to add form data parsing support:

// Uncomment to add form data parsing support

Step 4 (optional, recommended)

If you want drop-in Login and Register forms, including form validation, use the <derby-auth:login /> and <derby-auth:register /> components. To enable these, you'll need this in your /lib/app/index.js file:


See the example for more details, as well as login / registration forms, sign-in buttons, etc.

Why not EveryAuth?

This project was originally implemented with Everyauth (see branch), but had some issues:

  1. Every provider had to be implemented individually in code. Passport has an abstraction layer, which is what allows us to pass in Strategy + conf objects in server/index.js for every provider we want enabled.
  2. Password authentication posed technical difficulties. See the Google Group discussion