passport-access-token
Passport strategy for authenticating with an access token.
This module lets you authenticate using an access token in your Node.js applications. By plugging into Passport, token-based authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
This can easily be used to create a password reset mechanism by providing the user with a link containing an access token that is then instantaneously revoked as soon as she sets a new password.
$ npm install passport-access-token --save
The local authentication strategy authenticates users using an access token. The strategy requires a verify callback, which accepts these credentials and calls done providing a user.
const passport = require('passport');
const AccessTokenStrategy = require('passport-access-token').Strategy;

passport.use(new AccessTokenStrategy({
    tokenParam: 'token'
  }, (token, done) => {
    // User is the application's own model
    User.findOne({ onetimePassword: token }, (err, user) => {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      // delete the onetimePassword after the user has set the new password
      return done(null, user);
    });
  }
));
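The verify callback above looks the token up as stored and leaves revocation as a comment. The following is an added example, not code from the package or its README: it keeps only a SHA-256 hash of the reset token, gives it an expiry, and revokes it after use. The in-memory users map, the field names resetHash and resetExpires, and the 15-minute lifetime are assumptions standing in for the application's own User model.

```javascript
const crypto = require('crypto');

// Constructed in-memory store (assumption) in place of the page's User model.
const users = new Map([
  ['alice', { name: 'alice', resetHash: null, resetExpires: 0 }],
]);
const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed lifetime of a reset link

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Issue a reset token: 256 bits from the CSPRNG. Only its hash is stored,
// so a leaked database dump does not yield usable reset links.
function issueResetToken(name, now = Date.now()) {
  const user = users.get(name);
  if (!user) return null;
  const token = crypto.randomBytes(32).toString('hex');
  user.resetHash = sha256(token);
  user.resetExpires = now + TOKEN_TTL_MS;
  return token; // goes into the emailed link, never into the store
}

// Verify callback with the (token, done) shape shown on the page.
// Use as: new AccessTokenStrategy(opts, (t, done) => verifyResetToken(t, done))
function verifyResetToken(token, done, now = Date.now()) {
  // Reject anything that is not a non-empty string (e.g. array-valued params).
  if (typeof token !== 'string' || token.length === 0) return done(null, false);
  const candidate = sha256(token);
  for (const user of users.values()) {
    if (user.resetHash && now < user.resetExpires &&
        crypto.timingSafeEqual(candidate, user.resetHash)) {
      return done(null, user);
    }
  }
  return done(null, false);
}

// Call once the new password has been saved: the token becomes single-use.
function consumeResetToken(user) {
  user.resetHash = null;
  user.resetExpires = 0;
}
```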
The access token can be stored in three different locations which are configured as follows:
- tokenParam option (default: 'token')
- tokenHeader option (default: 'accessToken')
- tokenField option (default: 'Authorization')
- extractor option that can be supplied with a function of the signature function (req) {...} which returns the access token retrieved by some custom code from the HTTP request (default: undefined)

Use passport.authenticate(), specifying the 'token' strategy, to authenticate requests.
For example, as route middleware in an Express application:
app.get('/login/:token',
  passport.authenticate('token', { failureRedirect: '/login' }),
  (req, res) => {
    res.redirect('/');
  });
Copyright (c) 2015 Christian Vaas
FAQs
Local access token authentication strategy for Passport.
We found that passport-access-token demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.