Update protected route middleware docs

- The stormpath middleware, stormpath.authenticationRequired, depends on cookie-parser being defined. Cookie-parser will attach cookies from the request and attach them to the canonical req object in express. This property is then used by the middelware to verify the authenticity of the user and properly secure the route. - This commit provides additional requirements to users who are leveraging the authenticationRequired middleware Closes stormpath#602
oshalygin · Feb 21, 2017 · 73e5d7f · 73e5d7f
1 parent 80cf1a4
commit 73e5d7f
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -117,6 +117,25 @@ Follow these steps to add Stormpath user authentication to your Express.js app.
     //...
   });
   ```
+
+  The `stormpath.authenticationRequired` middleware depends on the `cookie-parser` middleware, make sure that you are including the `cookie-parser` prior to all of your secured routes:
+
+  ```javascript
+  var express = require('express');
+  var stormpath = require('express-stormpath');
+  var cookieParser = require('cookie-parser');
+
+  var app = express();
+
+  // Include the cookier-parser middleware prior to securing the route with 'stormpath.authenticationRequired'
+  app.use(cookieParser());
+  app.use(stormpath.init(application, stormpathConfiguration));
+
+
+  app.get('/secret', stormpath.authenticationRequired, function(req, res){ 
+    //...
+  });
+  ```
 
   For API services that use HTTP Basic Auth, use
   `stormpath.apiAuthenticationRequired`:
@@ -129,6 +148,8 @@ Follow these steps to add Stormpath user authentication to your Express.js app.
 
   If the user tries to access this route without being logged in, they will be redirected to the login page.
 
+
+
 10. **Login**
 
   To access a protected route, the user must first login.