Copyright © 2014 Stormpath, Inc. and contributors.

This project is open-source via the Apache 2.0 License.

For additional information, please see the Stormpath Node.js API Documentation.

npm install stormpath

The Quickstart is on the front page of the Stormpath Node.js API Documentation.

• application.authenticateApiRequest(options,cb) now requires you to supply the request method as options.request.method
• OAuth token requests must use POST, see RFC749 3.2

• authenticationResult objects now include the granted scope on the object, see RFC749 5.1
• Improve documentation of the path option for application.createIdSiteUrl

Cache fix that was preventing expanded resources from being cached

Fix the Oauth authenticator to provide requestedScopes and grantedScopes as an array of strings, not a single string.

Updated User-Agent string to be spec compliant and extendable

Your own hosted, white-labeled Identity Site, what we call an 'ID Site'!

You can have a 100% customizable white-labeled site, for example, https://id.awesomeapp.com or https://my.awesomeapp.com, hosted and served securely by Stormpath. Your ID Site provides your end-users with a hosted and secure registration, login, and password reset functionality, and completely hands-off integration with Google and Facebook!.

Your white-labeled ID Site is beautiful and 'just works' out-of-the box and requires no development effort, but if you want to customize it in any way, you can easily fork our default GitHub repo and customize it as you desire, and we'll serve your fork securely just the same.

All that is required for this to work is that your application redirects your end-user to your secure ID Site URL and, when the user is done, can receive a redirect back to your application. This 0.4.0 release includes two additional functions so you don't have to code that yourself.

See the new createIdSiteUrl method (for redirecting end-users to your ID Site) and the handleIdSiteCallback method (for handling the return reply from your ID Site) for code examples!

For a comprehensive overview of the ID Site feature, see the ID Site Feature Guide

• When you call save() and delete() on any resource, the callback is now optional and can be omitted.
• HTML/CSS layout improvements to the documentation app, it is now mobile friendly!
• Several descriptive fixes to the documentation.

Secure your REST API using OAuth 2!

The Stormpath Node SDK can now act as an OAuth 2 Provider with full API Key management support!

You can now use the Node SDK to create and manage API Keys for your end-users so they can authenticate with your own REST API. You can create, delete, enable/disable as many API Keys as you want for each of your end-user Account resources. See the Account resource's createApiKey and getApiKeys methods.

Now for the really powerful stuff: the Stormpath Node SDK implements OAuth2 provider functionality. Your end-users can use these API Keys to make OAuth 2 requests to your REST API, and the Stormpath Node SDK will authenticate the requests via OAuth as you wish. This includes both OAuth 2 access token requests (e.g. the /oauth/token endpoint) as well as resource requests (e.g. /movies/1234). At no point do you ever need to see, touch, or write OAuth code! The Stormpath SDK does it for you.

See the Application resource's authenticateApiRequest method for detailed information.

• You can use the new method Application.resetPassword() to validate a password reset token AND set a new password, with just one call to our API

• You can authenticate an account against a specific account store when calling Application.authenticateAccount(), this is a useful performance option if you have a large number of stores and you know which store the user is in.

Improvements:

• Support Redis and Memcahced as cache stores

• Social provider support for Google and Facebook

• Create, modify, delete Account Store Mappings

• Add iterator methods to collection resources

Fixes:

• Cache regions are now implemented

• Tenant.verifyAccountEmail returns an Account object, as expected

Breaking changes:

• Cache now takes an options hash instead of positional params

Fixed Readme to reflect 0.1.1 changes (this release does not affect code at all).

Minor bugfix point release that fixes a bug where authentication fails when caching is enabled.

Also added a new quickstart.js file that reflects the Stormpath Node.js Quickstart Documentation.

Our first Node.js SDK release!

All functionality compared to our other SDKs is present except:

• More robust CustomData support. You can create and update an account's or group's custom data as part of the account or group creation or update request - you just can't manipulate and save the custom data by itself (i.e. customData.save() won't work, but account.save() will).

• Caching implementations for network-accessible stores like Memcache and Redis. A local in-memory (non clustered) cache mechanism is in place however.

• Exhaustive documentation. We think that the docs we have in place right now are pretty awesome and should cover most needs. However, we want to finish out any remaining missing docs before the next release.

• Exhaustive tests. While we have been running integration tests regularly, the test coverage can be much better. We already have 100% coverage on some core internals (like the DataStore and RequestExecutor), so we're confident with most of the implementations - enough to cut a release. We will be finishing these entirely however in upcoming releases.

We're already actively working on a follow-up 0.2 release, but in the spirit of 'release early, release often', we wanted to get what we had out the door today to receive community feedback - please let us know your thoughts!

Send us an email to [email protected] or open up a Pull Request and offer suggestions!

This code does not require a build step and can be immediately required by your node application after installed from npm (see above).

You may run the unit tests with the grunt command:

grunt

Or the integration tests (which assume an apikey file in ~/.stormpath):

grunt it

To build the documentation, you need to enter the docs directory, then run:

$ npm install -g bower
$ npm install
$ bower install
$ grunt

The grunt serve command will build and serve the docs locally on port 9000. You can view the HTML documentation by visiting http://localhost:9000/home in your browser.

In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code using Grunt.