Strategy

This Strategy authenticates HTTP requests that use the Bearer authentication scheme, as specified by RFC 6750.

The bearer token credential can be sent in the HTTP request in one of three different ways. Preferably, the token is sent in the "Authorization" header field:

GET /resource HTTP/1.1
Host: server.example.com
Authorization: Bearer mF_9.B5f-4.1JqM

Alternatively, the token can be sent in a form-encoded body, using the access_token parameter:

POST /resource HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

access_token=mF_9.B5f-4.1JqM

Or, in the URL, using the access_token query parameter:

GET /resource?access_token=mF_9.B5f-4.1JqM HTTP/1.1
Host: server.example.com

new Strategy([options], verify)

  • options <Object>
    • realm <string>

      Value indicating the protection space over which credentials are valid.

      Default: 'Users'.
    • scope <string>

      Value indicating required scope needed to access protected resources.

    • passReqToCallback <boolean>

      When true, the verify function receives the request object as the first argument, in accordance with the Strategy~verifyWithReqFn signature.

      Default: false.
  • verify <Strategy~verifyFn> | <Strategy~verifyWithReqFn>

    Function which verifies access token.

Create a new Strategy object.

var BearerStrategy = require('passport-http-bearer').Strategy;

// `tokens` and `users` stand for the application's own data stores; look the
// token up, then resolve the user it was issued to.
new BearerStrategy(function(token, cb) {
  tokens.findOne({ value: token }, function(err, claims) {
    if (err) { return cb(err); }
    if (!claims) { return cb(null, false); }   // unknown token: authentication fails

    users.findOne({ id: claims.userID }, function (err, user) {
      if (err) { return cb(err); }
      if (!user) { return cb(null, false); }  // token no longer maps to a user
      return cb(null, user, { scope: claims.scope });
    });
  });
});
  • Extends: <base.Strategy>

Members

(readonly) name :string

The name of the strategy, set to 'bearer'.

Type:
  • <string>

Methods

(protected) authenticate(req)

Authenticate request by verifying access token.

When a bearer token is sent in the request, it will be parsed and the verify function will be called to verify the token and authenticate the request. If a token is not present, authentication will fail with the appropriate challenge and status code.

This function is protected, and should not be called directly. Instead, use passport.authenticate() middleware and specify the name of this strategy and any options.

passport.authenticate('bearer');

Type Definitions

verifyFn(token, cb)

  • token <string>

    The access token received in the request.

  • cb <function>
    • err <Error>

      An Error if an error occurred; otherwise null.

    • user <Object> | <boolean>

      An Object representing the authenticated user if verification was successful; otherwise false.

    • info <Object>

      Application-specific context that is passed through to subsequent request processing.

Verifies token and yields authenticated user.

This function is called by Strategy to verify an access token, and must invoke cb to yield the result.

verifyWithReqFn(req, token, cb)

  • req <http.IncomingMessage>

    The Node.js IncomingMessage object.

  • token <string>

    The access token received in the request.

  • cb <function>
    • err <Error>

      An Error if an error occurred; otherwise null.

    • user <Object> | <boolean>

      An Object representing the authenticated user if verification was successful; otherwise false.

    • info <Object>

      Application-specific context that is passed through to subsequent request processing.

Verifies token and yields authenticated user.

This function is called by Strategy to verify an access token when the passReqToCallback option is set, and must invoke cb to yield the result.