Prevent automatic addition of token endpoint #29

Open
charwking opened this issue Mar 13, 2015 · 3 comments

@charwking

Is there any interest in supporting some way of disabling the automatic addition of the /token route in order to support usage of restify-oauth2 in multiple servers on the same domain?

My use case is that I'd like to have a restify server running at mydomain.com/api/auth which has a /token route, and then multiple other servers running at other points which do not grant tokens, but use the restify-oauth2 library to validate tokens.

To be more explicit, I'm interested in something like this:

```js
// ====== server running at mydomain.com/api/auth ======

var restify = require('restify'),
   restifyOAuth2 = require('restify-oauth2');

// server setup ...

// Proposed flag: this server registers the /token route and grants tokens
restifyOAuth2.cc(server, {includeTokenEndpoint: true});
server.listen(8080);
```

```js
// ====== server running at mydomain.com/api/users ======

var restify = require('restify'),
   restifyOAuth2 = require('restify-oauth2');

// server setup...

// Proposed flag: this server only validates tokens; no /token route is added
restifyOAuth2.cc(server, {includeTokenEndpoint: false});

server.get('/', function (req, res) {
   // req.clientId is only set when the request carried a valid token
   if (!req.clientId) {
      return res.sendUnauthenticated();
   }

   res.contentType = 'application/json';
   res.send({message: 'I can tell you got a token from the other server'});
});

server.listen(8090);
```

If there's interest, I'm happy to work on a pull request. Thanks!

@gmaniac
Collaborator

gmaniac commented Mar 17, 2015

As long as we can maintain previous version I think this might be a cool feature. Let me know if you need help with anything.

@charwking
Author

After thinking about this some, I don't think utilizing an includeTokenEndpoint options flag is going to be the best approach. The requiredHooks passed to makeSetup are going to change based on whether the flag is there. (i.e. it doesn't make sense to require a grantToken hook if the user doesn't want the token endpoint setup.) And the code in makeSetup would need multiple new if-checks to handle the includeTokenEndpoint flag.

Instead, I was thinking about adding some new top-level functions to the library:

```js
// Adds logic to authenticate tokens
restifyOAuth2.ccAuthenticator(server, options);

// Adds logic (and endpoint) to grant tokens
restifyOAuth2.ccGrantor(server, options);

// Adds both, just like current version, but uses above two functions to make it happen
restifyOAuth2.cc(server, options);
```

A similar approach would be taken for ropc. Does this sound okay? Would you like one single PR, or several smaller ones?

@gmaniac
Collaborator

gmaniac commented May 19, 2015

This looks good, a single PR would be fine. Let me know if you have any questions.
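
Added example, not part of the thread and not restify-oauth2's code: a self-contained sketch of the split proposed above, showing that each half requires only its own hook and that a resource server ends up with no token route. `ccAuthenticator`, `ccGrantor` and `cc` are the names from the proposal; `requireHooks`, `makeStubServer`, `req.credentials` and the hook callback contracts are assumptions made for illustration.

```javascript
// Hypothetical sketch of the split proposed in this thread; not restify-oauth2's code.
function requireHooks(options, names) {
  names.forEach(function (name) {
    if (!options.hooks || typeof options.hooks[name] !== "function") {
      throw new Error("Missing required hook: " + name);
    }
  });
}

// Resource servers: validate bearer tokens, register no routes.
function ccAuthenticator(server, options) {
  requireHooks(options, ["authenticateToken"]);
  server.use(function (req, res, next) {
    var m = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
    if (!m) { return next(); } // anonymous; route handlers check req.clientId
    // Assumed hook contract: set req.clientId, then call back with true/false.
    options.hooks.authenticateToken(m[1], req, function (err, valid) {
      if (err) { return next(err); }
      if (!valid) { return res.send(401); }
      next();
    });
  });
}

// Auth server only: the single place that handles client secrets.
function ccGrantor(server, options) {
  requireHooks(options, ["grantClientToken"]);
  server.post(options.tokenEndpoint || "/token", function (req, res, next) {
    options.hooks.grantClientToken(req.credentials, req, function (err, token) {
      if (err) { return next(err); }
      if (!token) { return res.send(401); }
      res.send({ access_token: token, token_type: "Bearer" });
    });
  });
}

// Existing behaviour: both halves on one server.
function cc(server, options) {
  ccAuthenticator(server, options);
  ccGrantor(server, options);
}

// Constructed stand-in for a restify server; records what gets registered.
function makeStubServer() {
  var s = { middleware: [], routes: [] };
  s.use = function (fn) { s.middleware.push(fn); };
  s.post = function (path, fn) { s.routes.push("POST " + path); };
  return s;
}
```

With this shape a server that calls only `ccAuthenticator` never needs a `grantClientToken` hook or client secrets, so credential handling stays on the one auth server.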
