Some APIs (including mine!) use HTTP Basic Auth, but read the username as an API token and ignore the password field. Notably, Stripe does this. It would be great to have the ability to pass a passwordRequired option, which defaults to true to preserve backwards compatability, but that can be set to false to disable the requirement.
From this:
var userid = credentials[0];
var password = credentials[1];
if (!userid || !password) {
return this.fail(this._challenge());
}
To this:
var userid = credentials[0];
var password = credentials[1];
if (!userid || (options.passwordRequired && !password)) {
return this.fail(this._challenge());
}
Some APIs (including mine!) use HTTP Basic Auth, but read the username as an API token and ignore the password field. Notably, Stripe does this. It would be great to have the ability to pass a
passwordRequired
option, which defaults to true to preserve backwards compatability, but that can be set to false to disable the requirement.From this:
To this:
I'm happy to submit a pull request