Comments (5)
It seems like the best thing to do would probably be to change strategies
into a hash or an array of hashes
req.authenticate([{ "name": "facebook", "scope": ["email", "birthday"] }], cb);
This way all of the internals could be changed to turn the string into a hash unobtrusively. It would be a new opt-in feature from the existing api user's perspective.
Would you accept such a change?
from connect-auth.
Hmm, yes I see what you're saying, currently to pass per-request authentication settings you would need to set something on the request (or response) so that it could be used in facebook.authenticate etc.
I think that we could achieve this with minimal changes, using the existing APIs;
- requestMethods#authenticate already takes an optional hash or 'options' as the second argument the signature is mixed-in to become req.authenticate(strategy, options, cb) or req.authenticate(strategy, cb) (in auth_middleware.js). Currently the only thing on that opts that does 'anything' is 'scope' the idea being a user can be authenticated as a 'guest' user or 'admin' user or 'someone else'
- Currently these options are discarded within requestMethods#authenticate, we could pass them through to the authContext
- We could then in authExecutionScope.ctr() add these options to itself and provide a nice tidy method to expose them (the methods of these instances are available on 'this' within facebook#authenticate
- Then in facebook#authenticate could just check these options as well as my.scope to allow overriding of the requested scope?
Thoughts?
from connect-auth.
To help me understand a little better. The new call would look like this?
req.authenticate(['facebook'], { scopes: ["email", "birthday"] }, onAuthenticated);
from connect-auth.
Bump. Did I understand you correctly or not?
From what I saw in the code I think that it would be less work and cleaner to change the signature to this, but maybe I missed something.
req.authenticate([{ "name": "facebook", "scope": ["email", "birthday"] }], cb);
from connect-auth.
Sorry, I meant, something like:
req.authenticate( 'facebook', { "facebook" : { scope: ["email", "birthday"] } } , cb)
That middle argument hash already exists on the API, just needs plumbing through, however it isn't as clean as your suggestion, in this scenario. (there's an unfortunate collision here between the already supported 'scope' property on that hash and facebook's scope :)
from connect-auth.
Related Issues (20)
- GET /oauth/authorize doesn't validate oauth_token parameter
- Cannot set property 'twitter_oauth_token_secret' of undefined
- ENOENT on installation HOT 5
- Google2 scopes handled incorrectly
- Modularize
- session not kept between http callbacks HOT 10
- how to handle authenticated && !req.isAuthenticated()? HOT 18
- Upgrade dependencies to versions that support 0.10.x HOT 1
- Add an explict LICENSE file HOT 1
- Please provide oauth2 client example as oauth2clientapp.js
- Facebook permission Scopes are buggy
- Support connect 2.8.x
- keyfile instructions unclear
- Has this project been abandoned
- upgrade connect to deal with qs vulnerabilities
- tweet on behalf of user HOT 1
- Archive?
- TypeError: Object #<Object> has no method 'fail' HOT 2
- OAuth data provider's tokenByConsumer() allows exactly one request token per consumer HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from connect-auth.