domenic / restify-oauth2

A simple OAuth 2 endpoint for Restify

Prevent automatic addition of token endpoint #29

Open charwking opened 9 years ago

charwking commented 9 years ago

Is there any interest in supporting some way of disabling the automatic addition of the /token route in order to support usage of restify-oauth2 in multiple servers on the same domain?

My use case is that I'd like to have a restify server running at mydomain.com/api/auth which has a /token route, and then multiple other servers running at other points which do not grant tokens, but use the restify-oauth2 library to validate tokens.

To be more explicit, I'm interested in something like this:

// ====== server running at mydomain.com/api/auth ======

var restify = require('restify'),
   restifyOAuth2 = require('restify-oauth2');

var server = restify.createServer();
// remaining server setup (plugins, hooks) ...

restifyOAuth2.cc(server, {includeTokenEndpoint: true});
server.listen(8080);

// ====== server running at mydomain.com/api/users ======

var restify = require('restify'),
   restifyOAuth2 = require('restify-oauth2');

var server = restify.createServer();
// remaining server setup (plugins, hooks) ...

restifyOAuth2.cc(server, {includeTokenEndpoint: false});

server.get('/', function (req, res) {
   if (!req.clientId) {
      return res.sendUnauthenticated();
   }

   res.contentType = 'application/json';
   res.send({message: 'I can tell you got a token from the other server'});
});

server.listen(8090);

If there's interest, I'm happy to work on a pull request. Thanks!

gmaniac commented 9 years ago

As long as we can maintain previous version I think this might be a cool feature. Let me know if you need help with anything.

charwking commented 9 years ago

After thinking about this some, I don't think utilizing an includeTokenEndpoint options flag is going to be the best approach. The requiredHooks passed to makeSetup are going to change based on whether the flag is there. (i.e. it doesn't make sense to require a grantToken hook if the user doesn't want the token endpoint set up.) And the code in makeSetup would need multiple new if-checks to handle the includeTokenEndpoint flag.

Instead, I was thinking about adding some new top-level functions to the library:

// Adds logic to authenticate tokens
restifyOAuth2.ccAuthenticator(server, options);

// Adds logic (and endpoint) to grant tokens
restifyOAuth2.ccGrantor(server, options);

// Adds both, just like current version, but uses above two functions to make it happen
restifyOAuth2.cc(server, options);

A similar approach would be taken for ropc. Does this sound okay? Would you like one single PR, or several smaller ones?

gmaniac commented 9 years ago

This looks good, a single PR would be fine. Let me know if you have any questions.