Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
passport-bitbucket-token
Advanced tools
Passport strategy for authenticating with Bitbucket access tokens using the OAuth 2.0 API.
Passport strategy for authenticating with Bitbucket access tokens using the OAuth 2.0 API.
Library is inspired by passport-facebook-token.
npm install passport-bitbucket-token
The Bitbucket authentication strategy authenticate users using Bitbucket account and OAuthe 2 tokens. The strategy requires two parameters: options
and verify
callback.
options
are used to configure strategy. verify
callback is function that accepts 4 arguments: accessToken
, refreshToken
, profile
, done
. profile
is parsed Bitbucket profile. done
is method which is called with user when verify
method is finished.
var BitbucketTokenStrategy = require('passport-bitbucket-token');
passport.use(new BitbucketTokenStrategy({
clientID: 'app-id',
clientSecret: 'client-secret'
},
function (accessToken, refreshToken, profile, done) {
User.upsertUser(accessToken, refreshToken, profile, function(err, user) {
return done(err, user);
});
}));
apiVersion
- Which version of Bitbucket API user want to use. Allowed values are 1.0 or 2.0.accessTokenField
- Name of HTTP header, body field or query parameter where access token is stored in requestrefreshTokenField
- Name of HTTP header, body field or query parameter where refresh token is stored in requestpassReqToCallback
- Should verify
function received as first parameter req
objectprofileWithEmail
- If true
library will try to load profile with all emails that are associated with profile. email
is scope that is required. If nothing is selected emails will not be loaded.router.route('/auth/bitbucket')
.post(passport.authenticate('bitbucket-token'), function(req, res, next) {
if (!req.user) {
return res.send(401, 'User Not Authenticated');
}
res.send(200);
});
GET /auth/bitbucket?access_token=<TOKEN>
GET /auth/bitbucket HTTP/1.1
Host: example.com
Authorization: Bearer base64_access_token_string
POST /auth/bitbucket HTTP/1.1
Host: example.com
access_token=base64_access_token_string
passport-bitbucket-token is released under MIT License.
FAQs
Passport strategy for authenticating with Bitbucket access tokens using the OAuth 2.0 API.
The npm package passport-bitbucket-token receives a total of 0 weekly downloads. As such, passport-bitbucket-token popularity was classified as not popular.
We found that passport-bitbucket-token demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.