Enforce authorization based on OAuth scopes set by Passport.js.
JavaScript
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
test
.gitignore
.npmignore
.scaffconfig
.travis.yml
History.md
LICENSE
README.md
index.js
package.json

README.md

passport-scope-restrict Build Status

Enforce authorization based on OAuth scopes set by Passport.js.

This is typically used to protect an API by requiring that the scopes associated with the client are allowed to call the API. Check out passport-http-bearer for one strategy you can build on to achieve this.

Examples

var express = require('express')
  , passport = require('passport')
  , restrict = require('passport-scope-restrict');

// setup your Express app, and configure Passport with some strategy which add `scopes` to `req.authInfo`.

app.use('/api/admin', restrict('admin'));

License

MIT. See LICENSE for details.