new Strategy([options], verify)
-
options
<Object>-
realm
<string>Value indicating the protection space over which credentials are valid.
Default:'Users'
. -
scope
<string>Value indicating required scope needed to access protected resources.
-
passReqToCallback
<boolean>When
Default:true
, theverify
function receives the request object as the first argument, in accordance with theStrategy~verifyWithReqFn
signature.false
.
-
-
verify
<Strategy~verifyFn> | <Strategy~verifyWithReqFn>Function which verifies access token.
Create a new Strategy
object.
var BearerStrategy = require('passport-http-bearer').Strategy;
new BearerStrategy(function(token, cb) {
tokens.findOne({ value: token }, function(err, claims) {
if (err) { return cb(err); }
if (!claims) { return cb(null, false); }
users.findOne({ id: claims.userID }, function (err, user) {
if (err) { return cb(err); }
if (!user) { return cb(null, false); }
return cb(null, user, { scope: claims.scope });
});
});
});
- Extends: <base.Strategy>
Members
(readonly) name :string
The name of the strategy, set to 'bearer'
.
Type:
- <string>
Methods
(protected) authenticate(req)
-
req
<http.IncomingMessage>The Node.js
IncomingMessage
object.
Authenticate request by verifying access token.
When a bearer token is sent in the request, it will be parsed and the verify function will be called to verify the token and authenticate the request. If a token is not present, authentication will fail with the appropriate challenge and status code.
This function is protected, and should not be called directly. Instead,
use passport.authenticate()
middleware and specify the name
of this strategy and any options.
passport.authenticate('bearer');
Type Definitions
verifyFn(token, cb)
-
token
<string>The access token received in the request.
-
cb
<function>-
err
<Error>An
Error
if an error occured; otherwisenull
. -
user
<Object> | <boolean>An
Object
representing the authenticated user if verification was successful; otherwisefalse
. -
info
<Object>Additional application-specific context that will be passed through for additional request processing.
-
Verifies token
and yields authenticated user.
This function is called by Strategy
to verify an access token, and
must invoke cb
to yield the result.
verifyWithReqFn(req, token, cb)
-
req
<http.IncomingMessage>The Node.js
IncomingMessage
object. -
token
<string>The access token received in the request.
-
cb
<function>-
err
<Error>An
Error
if an error occured; otherwisenull
. -
user
<Object> | <boolean>An
Object
representing the authenticated user if verification was successful; otherwisefalse
. -
info
<Object>Additional application-specific context that will be passed through for additional request processing.
-
Verifies token
and yields authenticated user.
This function is called by Strategy
to verify an access token when
the passReqToCallback
option is set, and must invoke cb
to yield the
result.