passport-thinkful

Thinkful's authentication strategy for Passport.

This module authenticates requests intended for Thinkful services. It wraps http-passport-bearer with a JWT verification step.

Install

$ npm install passport-thinkful

Usage

Configure Strategy

passport.use(new ThinkfulStrategy(
  { secret: publicPrivateSigningKey },
  function (req, user, done) {
    request.get(USER_API_ENDPOINT)
      .set('Authorization', req.headers.authorization)
      .end(function (err, res) {
        if (err) { return done(err); }
        if (!res.body || !res.body.user) { return done(null, false); }
        return done(null, res.body.user);
      });
  }
));

Authenticate Requests

Use passport.authenticate('thinkful') to authenticate requests. JWT authorization tokens negate the need for sessions, so the session option should be set to false.

An Express route middleware example:

app.get('/users/me',
  passport.authenticate('thinkful', { session: false }),
  function(req, res) { res.json(req.user); }
);