Passport strategy for authenticating with Heroku using the OAuth 2.0 API.
JavaScript Makefile
Switch branches/tags
Nothing to show
Latest commit b067bad May 8, 2017 @mick committed on GitHub Merge pull request #4 from heroku/recommend-state
Recommend usage of state flag
Permalink
Failed to load latest commit information.
examples/login put access_token in authorization header Sep 23, 2013
lib
support/mk
test Update tests to match GithubProfile Nov 5, 2015
.gitignore update gitignore Sep 23, 2013
.npmignore initial commit Sep 23, 2013
.travis.yml update travis config Jan 30, 2015
LICENSE
Makefile Update tests to match GithubProfile Nov 5, 2015
README.md
package.json

README.md

Passport-Heroku

Passport strategy for authenticating with Heroku using the OAuth 2.0 API.

This module lets you authenticate using Heroku in your Node.js applications. By plugging into Passport, Heroku authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-heroku

Usage

Configure Strategy

The Heroku authentication strategy authenticates users using a Heroku account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

The state flag turns on a valuable protection against login CSRF attacks, but is reliant on sessions being enabled. If you're using sessions, you should set the flag and get a layer of defense for free. If you set the flag and no session exists, an error will be thrown.

passport.use(new HerokuStrategy({
    clientID: Heroku_CLIENT_ID,
    clientSecret: Heroku_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/heroku/callback",
    state: true // CSRF protection, necessitates sessions
  },
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ herokuId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'heroku' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/heroku',
  passport.authenticate('heroku'));

app.get('/auth/heroku/callback',
  passport.authenticate('heroku', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Examples

For a complete, working example, refer to the login example.

Tests

$ npm install --dev
$ make test

Build Status

Credits

License

The MIT License

Copyright (c) 2013 Mick Thompson <http://mick.im/>