Username and token authentication strategy for Passport - modified from passport-local.

Installation

npm install passport-token

Usage

The token authentication strategy authenticates users using a username and token. The strategy requires a verify callback, which accepts these credentials and calls done with the authenticated user, or with false if the credentials are not valid.

    var passport = require('passport');
    var TokenStrategy = require('passport-token').Strategy;

    // User is the application's own user model.
    passport.use(new TokenStrategy(
      function (username, token, done) {
        User.findOne({ username: username }, function (err, user) {
          if (err) { return done(err); }
          // Unknown user or wrong token: fail authentication without raising an error.
          if (!user) { return done(null, false); }
          if (!user.verifyToken(token)) { return done(null, false); }
          return done(null, user);
        });
      }
    ));
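The page leaves user.verifyToken(token) to the application. One way to write the check inside a verify callback is shown below; this is an added example, not passport-token's own code. The in-memory users store, hashToken, verify and check are hypothetical names, and the token value is constructed.

```javascript
// Added example: not part of passport-token. All names and values are illustrative.
var crypto = require('crypto');

// Store only a SHA-256 digest of each token, so a leaked user table does not
// hand out usable credentials. This assumes tokens are long random values.
function hashToken(token) {
  return crypto.createHash('sha256').update(String(token), 'utf8').digest();
}

// Constructed in-memory store standing in for User.findOne().
var users = {
  alice: { username: 'alice', tokenHash: hashToken('3f9c0b6e5d2a4c1e8b7a6f5d4c3b2a19') }
};

// Digest compared against when the username is unknown, so the known-user and
// unknown-user paths perform the same work.
var DUMMY_HASH = hashToken('no-such-user');

// Verify callback with the (username, token, done) signature the strategy expects.
function verify(username, token, done) {
  // Parsed request bodies can carry arrays or objects; accept strings only.
  if (typeof username !== 'string' || typeof token !== 'string') {
    return done(null, false);
  }
  // hasOwnProperty keeps names such as "__proto__" from matching inherited keys.
  var known = Object.prototype.hasOwnProperty.call(users, username);
  var user = known ? users[username] : null;
  var expected = user ? user.tokenHash : DUMMY_HASH;
  // Both buffers are 32-byte digests, as timingSafeEqual requires equal lengths.
  var match = crypto.timingSafeEqual(hashToken(token), expected);
  if (!user || !match) { return done(null, false); }
  return done(null, { username: user.username });
}

// Helper that runs verify() and returns what was passed to done().
function check(username, token) {
  var result;
  verify(username, token, function (err, user) { result = err ? err : user; });
  return result;
}

console.log(check('alice', '3f9c0b6e5d2a4c1e8b7a6f5d4c3b2a19')); // { username: 'alice' }
console.log(check('alice', 'wrong-token'));                      // false
```

To use it with the strategy, pass verify as the callback: passport.use(new TokenStrategy(verify)).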

By default, passport-token checks for username and token credentials in either the header or request body in these locations:

Headers

Body fields

username
token

Configure

These credential locations can be configured when defining the strategy as follows:

    var passport = require('passport');
    var TokenStrategy = require('passport-token').Strategy;

    // Override the default header names and body field names.
    var strategyOptions = {
      usernameHeader: 'x-custom-username',
      tokenHeader: 'x-custom-token',
      usernameField: 'custom-username',
      tokenField: 'custom-token'
    };

    passport.use(new TokenStrategy(strategyOptions,
      function (username, token, done) {
        User.findOne({ username: username }, function (err, user) {
          if (err) { return done(err); }
          if (!user) { return done(null, false); }
          if (!user.verifyToken(token)) { return done(null, false); }
          return done(null, user);
        });
      }
    ));

Authenticate

Use passport.authenticate(), specifying the token strategy, to authenticate requests.

For example, as route middleware in an Express application:

    app.put('/animals/dogs', passport.authenticate('token'), function (req, res) {
    });

If authentication fails in the above example, a 401 response is returned. If you want more control, you can handle the failure in your application instead:

    app.put('/animals/dogs', authenticate, function (req, res) {
      // User authenticated and can be found in req.user
    });

    function authenticate(req, res, next) {
      // passport.authenticate() returns a middleware function; it does nothing
      // until it is invoked with (req, res, next).
      passport.authenticate('token', function (err, user, info) {
        if (err) { return next(err); }
        if (!user) {
          return res.status(401).json({ message: "Incorrect token credentials" });
        }
        req.user = user;
        next();
      })(req, res, next);
    }

Credits

Jared Hanson

