oauthjs / node-oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
https://npmjs.org/package/oauth2-server
MIT License

Request for support check for authorize #135

Open VitaliyR opened 9 years ago

VitaliyR commented 9 years ago

Hello!

I've found that

oauth.authorise()

is checking for authentication in strict mode - that means that if the user is not authenticated, he receives an error JSON with 'no token'.

I am suggesting to create another middleware method (or extend this one) to support a non-strict check - it would do exactly the same as authorise, but if the token is wrong/non-existent, just continue pipe execution in the usual way.

server.get('/items/:id', server.oauth.authorise(false /*non-strict, default true*/), this.controllers['itemsController'].show);

What do you think?

P.S. I've managed to make a lot of changes with my backend because we are using restify and it has differences with express. Maybe... add support for it too? :)

thomseddon commented 9 years ago

As an example, what would you do in your itemsController.show method if they don't have a valid token?

Would definitely like to see the restify version!

VitaliyR commented 9 years ago

@thomseddon sorry for the big delay. For instance, if the user is authorized, send him more data than for a non-authorized user:

{id: 1, name: "User" }
{id: 1, name: "User", role: "Developer" }

With the current implementation it can't be done using the same route.

thomseddon commented 9 years ago

I'm not sure this is really a proper use of the spec. There is a provision for having different "scopes" but not for public and authenticated access. I would like to have another glance through, though, to check this feeling is correct...
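
The non-strict check requested in this thread, sketched as an added example (not code from the thread or from oauth2-server; `optionalAuth`, `lookupToken`, `showItem`, `handle` and the token store are hypothetical names with constructed data). It assumes a bearer token in the Authorization header, and unlike the proposal it continues anonymously only when no credentials are sent, still rejecting a token that is presented but invalid.

```javascript
// Added example; every name here is hypothetical, not oauth2-server's API.
// Constructed token store standing in for the server's access-token lookup.
const TOKENS = new Map([
  ['good-token', { userId: 1, expires: Date.now() + 60000 }],
  ['old-token', { userId: 1, expires: Date.now() - 60000 }],
]);

function lookupToken(value) {
  const t = TOKENS.get(value);
  return t && t.expires > Date.now() ? t : null;
}

// Non-strict check: no Authorization header means "continue as anonymous".
// A token that is sent but malformed, unknown or expired is still rejected,
// so a stale client gets a 401 instead of a silently reduced response.
function optionalAuth(req, res, next) {
  const header = req.headers.authorization;
  if (header === undefined) { req.user = null; return next(); }
  const m = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(header);
  const token = m && lookupToken(m[1]);
  if (!token) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Bearer error="invalid_token"');
    return res.end(JSON.stringify({ error: 'invalid_token' }));
  }
  req.user = { id: token.userId };
  return next();
}

const ITEM = { id: 1, name: 'User', role: 'Developer' };

// Build the body from an allow-list so the anonymous view cannot leak fields.
function showItem(req, res) {
  const fields = req.user ? ['id', 'name', 'role'] : ['id', 'name'];
  res.statusCode = 200;
  res.end(JSON.stringify(Object.fromEntries(fields.map((k) => [k, ITEM[k]]))));
}

// Minimal stand-in for the framework: run the middleware, then the handler.
function handle(headers) {
  const req = { headers };
  const res = { statusCode: 0, headers: {}, body: '',
    setHeader(k, v) { this.headers[k] = v; },
    end(b) { this.body = b; } };
  optionalAuth(req, res, () => showItem(req, res));
  return { status: res.statusCode, body: JSON.parse(res.body) };
}
```

Calling `handle({})` gives the public view, `handle({ authorization: 'Bearer good-token' })` gives the authenticated view, and an expired or non-bearer credential gets a 401 on the same route.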