Skip to content

Commit

Permalink
Update protected route middleware docs
Browse files Browse the repository at this point in the history
- The stormpath middleware, stormpath.authenticationRequired, depends
  on cookie-parser being defined.  Cookie-parser will attach cookies
  from the request and attach them to the canonical req object in
  express.  This property is then used by the middelware to verify
  the authenticity of the user and properly secure the route.
- This commit provides additional requirements to users who are
  leveraging the authenticationRequired middleware

Closes stormpath#602
  • Loading branch information
oshalygin committed Feb 21, 2017
1 parent 80cf1a4 commit 6ffd124
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,25 @@ Follow these steps to add Stormpath user authentication to your Express.js app.
//...
});
```

The `stormpath.authenticationRequired` middleware depends on the `cookie-parser` middleware, make sure that you are including the `cookie-parser` prior to all of your secured routes:

```javascript
var express = require('express');
var stormpath = require('express-stormpath');
var cookieParser = require('cookie-parser');

var app = express();

// Include the cookier-parser middleware prior to securing the route with 'stormpath.authenticationRequired'
app.use(cookieParser());
app.use(stormpath.init(application, stormpathConfiguration));


app.get('/secret', stormpath.authenticationRequired, function(req, res){
//...
});
```

For API services that use HTTP Basic Auth, use
`stormpath.apiAuthenticationRequired`:
Expand All @@ -129,6 +148,7 @@ Follow these steps to add Stormpath user authentication to your Express.js app.

If the user tries to access this route without being logged in, they will be redirected to the login page.


10. **Login**

To access a protected route, the user must first login.
Expand Down

0 comments on commit 6ffd124

Please sign in to comment.