This node module contains Express middleware for creating BrowserID-authenticated, CORS-enabled REST APIs.

The idea is that a static web page on any domain can send a BrowserID assertion to any number of CORS REST endpoints and receive a token back, which can be used for further authenticated access. The endpoints keep track not only of the email address of the user, but also the origin (e.g. http://foo.com) that is mediating interactions between the user and the endpoint.

This software is still in an embryonic state. Use at your own risk.

For an example of this middleware in use, see git-browserid-cors or the trivially simple manual test.

Example Scenario

For illustration, here's an example of a front-end at mysite.org communicating with two unrelated APIs at comments.org and favorites.org to provide backing services for the application.

The page at mysite.org might include the following JavaScript for logging the user in:

navigator.id.get(function(assertion) {
  $.post("https://comments.org/token", {
    assertion: assertion
  }, function(info) {
    /* Use info.accessToken for future interactions w/ the comments API
     * by either setting the 'X-Access-Token' header on requests or passing
     * 'accessToken' as a GET/POST parameter. */
  });

  $.post("https://favorites.org/token", {
    assertion: assertion
  }, function(info) {
    /* Use info.accessToken for future interactions w/ the favorites API. */
  });
});

On the server side, comments.org might consist of something akin to the following:

var express = require('express'),
    BrowserIDCORS = require('browserid-cors'),
    app = express.createServer(),
    bic = BrowserIDCORS();

app.use(express.bodyParser());
app.use(bic.fullCORS); // Shortcut for making our whole site CORS-friendly.
app.post('/token', bic.handleTokenRequest);
app.post('/comment', bic.requireAccessToken, function(req, res) {
  /* Use req.user.email to get the current user's email address, and
   * req.user.origin to get the origin of the site making this request
   * on the user's behalf. */
});
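
One way an endpoint could keep the email/origin binding described above, as an added sketch that is not taken from browserid-cors itself. `createTokenStore`, the TTL, and the policy of rejecting a token presented from a different Origin are assumptions made for illustration.

```javascript
// Added illustration; not browserid-cors source. All names are hypothetical.
const { randomBytes } = require('crypto');

function createTokenStore(ttlMs) {
  const tokens = new Map(); // accessToken -> { email, origin, expires }

  return {
    // Call only after the BrowserID assertion has been verified, with
    // `origin` being the origin that assertion was issued for.
    issue(email, origin, now = Date.now()) {
      const accessToken = randomBytes(32).toString('hex');
      tokens.set(accessToken, { email, origin, expires: now + ttlMs });
      return accessToken;
    },

    // Connect/Express-style middleware factory. `clock` is injectable for tests.
    requireAccessToken(clock = Date.now) {
      return function (req, res, next) {
        // Header first, then GET/POST parameter, as in the client comment above.
        const token = req.headers['x-access-token'] ||
          (req.query && req.query.accessToken) ||
          (req.body && req.body.accessToken);
        const entry = typeof token === 'string' ? tokens.get(token) : undefined;

        if (!entry || entry.expires <= clock()) {
          if (entry) tokens.delete(token); // drop expired tokens eagerly
          res.statusCode = 401;
          return res.end('invalid or expired access token');
        }
        // Assumed policy: honour a token only from the origin it was issued to,
        // so a page on another site cannot reuse it from a browser.
        if (req.headers.origin !== entry.origin) {
          res.statusCode = 403;
          return res.end('origin mismatch');
        }
        req.user = { email: entry.email, origin: entry.origin };
        next();
      };
    }
  };
}
```

The Origin header is set by browsers, so this check constrains other web pages, not a non-browser client holding a stolen token; a short TTL and HTTPS-only endpoints cover that case.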

Quick Start

git clone git://github.com/toolness/browserid-cors.git
cd browserid-cors
npm install
npm test