
AuthenticateHandler

Kind: global class

new AuthenticateHandler(options)

Throws:

  • InvalidArgumentError if {model} is missing or does not implement getAccessToken

| Param | Type | Default | Description |
| --- | --- | --- | --- |
| options | object | | Server options. |
| options.model | Model | | The Model; this is always required. |
| options.scope | Array.<string> \| undefined | | The scope(s) to authenticate. |
| [options.addAcceptedScopesHeader] | boolean | true | Set the X-Accepted-OAuth-Scopes HTTP header on response objects. |
| [options.addAuthorizedScopesHeader] | boolean | true | Set the X-OAuth-Scopes HTTP header on response objects. |
| [options.allowBearerTokensInQueryString] | boolean | false | Allow clients to pass bearer tokens in the query string of a request. |

authenticateHandler.handle(request, response) ⇒ Promise.<*>

Handles the authentication

Kind: instance method of AuthenticateHandler

| Param | Type |
| --- | --- |
| request | Request |
| response | Response |

authenticateHandler.getTokenFromRequest(request)

Get the token from the header or body, depending on the request.

"Clients MUST NOT use more than one method to transmit the token in each request."

Kind: instance method of AuthenticateHandler
See: https://tools.ietf.org/html/rfc6750#section-2

| Param | Type |
| --- | --- |
| request | Request |

authenticateHandler.getTokenFromRequestHeader(request)

Get the token from the request header.

Kind: instance method of AuthenticateHandler
See: http://tools.ietf.org/html/rfc6750#section-2.1

| Param | Type |
| --- | --- |
| request | Request |

authenticateHandler.getTokenFromRequestQuery(request)

Get the token from the request query.

"Don't pass bearer tokens in page URLs: Bearer tokens SHOULD NOT be passed in page URLs (for example, as query string parameters). Instead, bearer tokens SHOULD be passed in HTTP message headers or message bodies for which confidentiality measures are taken. Browsers, web servers, and other software may not adequately secure URLs in the browser history, web server logs, and other data structures. If bearer tokens are passed in page URLs, attackers might be able to steal them from the history data, logs, or other unsecured locations."

Kind: instance method of AuthenticateHandler
See: http://tools.ietf.org/html/rfc6750#section-2.3

| Param | Type |
| --- | --- |
| request | Request |

authenticateHandler.getTokenFromRequestBody(request)

Get the token from the request body.

"The HTTP request method is one for which the request-body has defined semantics. In particular, this means that the "GET" method MUST NOT be used."

Kind: instance method of AuthenticateHandler
See: http://tools.ietf.org/html/rfc6750#section-2.2

| Param | Type |
| --- | --- |
| request | Request |
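
The rules quoted above for header, query and body transport, combined into one extractor as an added example (not the library's implementation). The names extractBearerToken and TokenTransportError and the plain request object shape are assumptions, and the b64token pattern and Content-Type check follow RFC 6750 sections 2.1 and 2.2 rather than anything this page states.

```javascript
// Added example, not the library's code: extractBearerToken and the plain
// request shape ({ method, headers, query, body }) are assumptions.
class TokenTransportError extends Error {}

function extractBearerToken(request, { allowBearerTokensInQueryString = false } = {}) {
  const headers = request.headers || {};
  const authorization = headers.authorization;
  const queryToken = (request.query || {}).access_token;
  const bodyToken = (request.body || {}).access_token;

  // RFC 6750 section 2: a request may use only one transport method.
  const used = [authorization, queryToken, bodyToken].filter((v) => v !== undefined);
  if (used.length > 1) throw new TokenTransportError('more than one token transport method');
  if (used.length === 0) throw new TokenTransportError('no access token supplied');

  if (authorization !== undefined) {
    // Section 2.1: "Bearer" scheme followed by a b64token.
    const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(authorization);
    if (!match) throw new TokenTransportError('malformed Authorization header');
    return match[1];
  }

  // A repeated parameter may parse to an array; accept only one non-empty string.
  const token = used[0];
  if (typeof token !== 'string' || token === '') {
    throw new TokenTransportError('access_token must be a single non-empty string');
  }
  if (queryToken !== undefined) {
    // Section 2.3: URLs end up in logs and browser history, so this is opt-in.
    if (!allowBearerTokensInQueryString) {
      throw new TokenTransportError('query string tokens are disabled');
    }
    return token;
  }
  // Section 2.2: body tokens need a method with body semantics and a form encoding.
  if (request.method === 'GET') throw new TokenTransportError('body token sent with GET');
  const contentType = String(headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (contentType !== 'application/x-www-form-urlencoded') {
    throw new TokenTransportError('body token requires a form-encoded body');
  }
  return token;
}

// Constructed sample request (not captured traffic).
const sample = { method: 'GET', headers: { authorization: 'Bearer mF_9.B5f-4.1JqM' }, query: {}, body: {} };
console.log(extractBearerToken(sample)); // mF_9.B5f-4.1JqM
```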

authenticateHandler.getAccessToken(token)

Get the access token from the model.

Kind: instance method of AuthenticateHandler

| Param |
| --- |
| token |

authenticateHandler.validateAccessToken()

Validate access token.

Kind: instance method of AuthenticateHandler

authenticateHandler.verifyScope()

Verify scope.

Kind: instance method of AuthenticateHandler

authenticateHandler.updateResponse()

Update response.

Kind: instance method of AuthenticateHandler