Commit cffbf30

Add usage of consumer strategy to README.
1 parent 82c7664 commit cffbf30

1 file changed: +51 -0 lines changed

README.md

@@ -18,6 +18,57 @@ or [Twitter](https://github.com/jaredhanson/passport-twitter)), please see
1818
[Passport-OAuth](https://github.com/jaredhanson/passport-oauth) for the
1919
appropriate strategy.
2020

21+
## Usage of Consumer Strategy
22+
23+
#### Configure Strategy
24+
25+
The OAuth consumer authentication strategy authenticates consumers based on a
26+
consumer key and secret (and optionally a temporary request token and secret).
27+
The strategy requires a `consumer` callback, `token` callback, and `validate`
28+
callback. The secrets supplied by the `consumer` and `token` callbacks are used
29+
to compute a signature, and authentication fails if it does not match the
30+
request signature. `consumer` as supplied by the `consumer` callback is the
31+
authenticating entity of this strategy, and will be set by Passport at
32+
`req.user`.
33+
34+
passport.use('consumer', new ConsumerStrategy(
35+
function(consumerKey, done) {
36+
Consumer.findByKey({ key: consumerKey }, function (err, consumer) {
37+
if (err) { return done(err); }
38+
if (!consumer) { return done(null, false); }
39+
return done(null, consumer, consumer.secret);
40+
});
41+
},
42+
function(requestToken, done) {
43+
RequestToken.findOne(requestToken, function (err, token) {
44+
if (err) { return done(err); }
45+
if (!token) { return done(null, false); }
46+
// third argument is optional info. typically used to pass
47+
// details needed to authorize the request (ex: `verifier`)
48+
return done(null, token.secret, { verifier: token.verifier });
49+
});
50+
},
51+
function(timestamp, nonce, done) {
52+
// validate the timestamp and nonce as necessary
53+
done(null, true)
54+
}
55+
));
56+
57+
#### Authenticate Requests
58+
59+
Use `passport.authenticate()`, specifying the `'consumer'` strategy, to
60+
authenticate requests. This strategy is intended for use in the request token
61+
and access token API endpoints, so the `session` option can be set to `false`.
62+
63+
For example, as route middleware in an [Express](http://expressjs.com/)
64+
application:
65+
66+
app.get('/access_token',
67+
passport.authenticate('consumer', { session: false }),
68+
oauthorize.requestToken(
69+
// ...
70+
});
71+
2172
## Examples
2273

2374
The [example](https://github.com/jaredhanson/oauthorize/tree/master/examples/express2)
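
Review bot: The `validate` callback in the Configure Strategy example (new README lines 51-54) calls `done(null, true)` unconditionally, so anyone who copies the snippet ends up accepting every timestamp and every repeated nonce, which leaves signed requests open to replay. Suggest either showing a real check in the example (fail the request when the timestamp falls outside an allowed window or the nonce has already been seen) or saying in the paragraph above what `validate` is expected to enforce; that paragraph names the callback as required but never explains its purpose. In the Authenticate Requests example (new lines 66-70), the route is `/access_token` while the middleware is `oauthorize.requestToken(`, and the closing `});` closes only one of the two open calls (`app.get(` and `oauthorize.requestToken(`); please confirm the intended middleware and balance the parentheses. Minor: `done(null, true)` is missing the semicolon used in the rest of the snippet.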
