Per-request scoped scope about connect-auth HOT 5 OPEN

It seems like the best thing to do would probably be to change strategies into a hash or an array of hashes

req.authenticate([{ "name": "facebook", "scope": ["email", "birthday"] }], cb);

This way all of the internals could be changed to turn the string into a hash unobtrusively. It would be a new opt-in feature from the existing api user's perspective.

Would you accept such a change?

from connect-auth.

Hmm, yes I see what you're saying, currently to pass per-request authentication settings you would need to set something on the request (or response) so that it could be used in facebook.authenticate etc.

I think that we could achieve this with minimal changes, using the existing APIs;

1. requestMethods#authenticate already takes an optional hash or 'options' as the second argument the signature is mixed-in to become req.authenticate(strategy, options, cb) or req.authenticate(strategy, cb) (in auth_middleware.js). Currently the only thing on that opts that does 'anything' is 'scope' the idea being a user can be authenticated as a 'guest' user or 'admin' user or 'someone else'
2. Currently these options are discarded within requestMethods#authenticate, we could pass them through to the authContext
3. We could then in authExecutionScope.ctr() add these options to itself and provide a nice tidy method to expose them (the methods of these instances are available on 'this' within facebook#authenticate
4. Then in facebook#authenticate could just check these options as well as my.scope to allow overriding of the requested scope?

Thoughts?

from connect-auth.

To help me understand a little better. The new call would look like this?

req.authenticate(['facebook'], { scopes: ["email", "birthday"] }, onAuthenticated);

from connect-auth.

Bump. Did I understand you correctly or not?

From what I saw in the code I think that it would be less work and cleaner to change the signature to this, but maybe I missed something.

req.authenticate([{ "name": "facebook", "scope": ["email", "birthday"] }], cb);

from connect-auth.

Sorry, I meant, something like:

req.authenticate( 'facebook', { "facebook" : { scope: ["email", "birthday"] } } , cb)

That middle argument hash already exists on the API, just needs plumbing through, however it isn't as clean as your suggestion, in this scenario. (there's an unfortunate collision here between the already supported 'scope' property on that hash and facebook's scope :)

from connect-auth.