From 73e5d7fa6be4fbb4b8bb33cde9d0278f592385c1 Mon Sep 17 00:00:00 2001 From: oshalygin Date: Tue, 21 Feb 2017 12:51:29 -0800 Subject: [PATCH] Update protected route middleware docs - The stormpath middleware, stormpath.authenticationRequired, depends on cookie-parser being defined. Cookie-parser will attach cookies from the request and attach them to the canonical req object in express. This property is then used by the middelware to verify the authenticity of the user and properly secure the route. - This commit provides additional requirements to users who are leveraging the authenticationRequired middleware Closes #602 --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 06cb598e..7c2c29a7 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,25 @@ Follow these steps to add Stormpath user authentication to your Express.js app. //... }); ``` + + The `stormpath.authenticationRequired` middleware depends on the `cookie-parser` middleware, make sure that you are including the `cookie-parser` prior to all of your secured routes: + + ```javascript + var express = require('express'); + var stormpath = require('express-stormpath'); + var cookieParser = require('cookie-parser'); + + var app = express(); + + // Include the cookier-parser middleware prior to securing the route with 'stormpath.authenticationRequired' + app.use(cookieParser()); + app.use(stormpath.init(application, stormpathConfiguration)); + + + app.get('/secret', stormpath.authenticationRequired, function(req, res){ + //... + }); + ``` For API services that use HTTP Basic Auth, use `stormpath.apiAuthenticationRequired`: @@ -129,6 +148,8 @@ Follow these steps to add Stormpath user authentication to your Express.js app. If the user tries to access this route without being logged in, they will be redirected to the login page. + + 10. **Login** To access a protected route, the user must first login.