mbell8903/passport-auth-token

# passport-auth-token

[![Build](https://travis-ci.org/mbell8903/passport-auth-token.png)](https://travis-ci.org/mbell8903/passport-auth-token)
[![Coverage Status](https://coveralls.io/repos/mbell8903/passport-auth-token/badge.png)](https://coveralls.io/r/mbell8903/passport-auth-token)
[![Quality](https://codeclimate.com/github/mbell8903/passport-auth-token.png)](https://codeclimate.com/github/mbell8903/passport-auth-token)
[![Dependencies](https://david-dm.org/mbell8903/passport-auth-token.png)](https://david-dm.org/mbell8903/passport-auth-token)


[Passport](http://passportjs.org/) strategy for authenticating with an authentication token.

This module lets you authenticate using a token in your Node.js
applications. It is based on passport-local module by Jared Hanson.
By plugging into Passport, token authentication can be easily and
unobtrusively integrated into any application or framework that supports
[Connect](http://www.senchalabs.org/connect/)-style middleware, including
[Express](http://expressjs.com/).

## Install

    $ npm install passport-auth-token

## Usage

#### Configure Strategy

The token authentication strategy authenticates users using a token.
The strategy requires a `verify` callback, which accepts these
credentials and calls `done` providing a user.
Here is the pseudo code.

    passport.use('authtoken', new AuthTokenStrategy(
      function(token, done) {
        AccessToken.findOne({
          id: token
        }, function(error, accessToken) {
          if (error) {
            return done(error);
          }

          if (accessToken) {
            if (!token.isValid(accessToken)) {
              return done(null, false);
            }

            User.findOne({
              id: accessToken.userId
            }, function(error, user) {
              if (error) {
                return done(error);
              }

              if (!user) {
                return done(null, false);
              }

              return done(null, user);
            });
          } else {
            return done(null);
          }
        });
      }
    ));

#### Authenticate Requests

Use `passport.authenticate()`, specifying the `'authtoken'` strategy, to
authenticate requests.

For example, as route middleware in an [Express](http://expressjs.com/)
application:

    app.post('/login',
      passport.authenticate(
        'authtoken',
        {
          session: false,
          optional: false
        }
      ),
      function(req, res) {
        res.redirect('/');
      }
    );

You can also set the parameter `optional` to true, so the same call can be both authenticated and not authenticated.

## Configuration Options

#### `tokenFields` Array<String> ####
An array of field names where the token is found, defaults to `[token]`

#### `headerFields` Array<String> ####
An array of field names where the token is found, defaults to `[]`

#### `passReqToCallback` Boolean ####
When `true`, `req` is the first argument to the verify callback (default: `false`)

#### `params` Boolean ####
When `true` the request params are also included in the lookup

#### `optional` Boolean ####
When `true` the token is optional and the strategy does't return an error

#### `caseInsensitive` Boolean ####
When `true` the token is check is case insensitive

## Tests

    $ npm install
    $ npm test

## Credits

  - [Mike Bell](http://github.com/mbell8903)

## License

[The MIT License](http://opensource.org/licenses/MIT)

Copyright (c) 2014 Mike Bell