Copyright © 2014 Stormpath, Inc. and contributors.
This project is open-source via the Apache 2.0 License.
For additional information, please see the Stormpath Node.js API Documentation.
npm install stormpath
The Quickstart is on the front page of the Stormpath Node.js API Documentation.
application.authenticateApiRequest(options,cb)
now requires you to supply the request method asoptions.request.method
- OAuth token requests must use POST, see RFC749 3.2
authenticationResult
objects now include the granted scope on the object, see RFC749 5.1- Improve documentation of the
path
option forapplication.createIdSiteUrl
Cache fix that was preventing expanded resources from being cached
Fix the Oauth authenticator to provide requestedScopes
and grantedScopes
as an array of strings, not a single string.
Updated User-Agent string to be spec compliant and extendable
Your own hosted, white-labeled Identity Site, what we call an 'ID Site'!
You can have a 100% customizable white-labeled site, for example, https://id.awesomeapp.com
or
https://my.awesomeapp.com
, hosted and served securely by Stormpath. Your ID Site provides your end-users with a
hosted and secure registration, login, and password reset functionality, and completely hands-off integration with
Google and Facebook!.
Your white-labeled ID Site is beautiful and 'just works' out-of-the box and requires no development effort, but if you want to customize it in any way, you can easily fork our default GitHub repo and customize it as you desire, and we'll serve your fork securely just the same.
All that is required for this to work is that your application redirects your end-user to your secure ID Site URL and, when the user is done, can receive a redirect back to your application. This 0.4.0 release includes two additional functions so you don't have to code that yourself.
See the new createIdSiteUrl method (for redirecting end-users to your ID Site) and the handleIdSiteCallback method (for handling the return reply from your ID Site) for code examples!
For a comprehensive overview of the ID Site feature, see the ID Site Feature Guide
- When you call
save()
anddelete()
on any resource, the callback is now optional and can be omitted. - HTML/CSS layout improvements to the documentation app, it is now mobile friendly!
- Several descriptive fixes to the documentation.
Secure your REST API using OAuth 2!
The Stormpath Node SDK can now act as an OAuth 2 Provider with full API Key management support!
You can now use the Node SDK to create and manage API Keys for your end-users so they can authenticate with your own REST API. You can create, delete, enable/disable as many API Keys as you want for each of your end-user Account resources. See the Account resource's createApiKey and getApiKeys methods.
Now for the really powerful stuff: the Stormpath Node SDK implements OAuth2 provider functionality. Your end-users can use these API Keys to make OAuth 2 requests to your REST API, and the Stormpath Node SDK will authenticate the requests via OAuth as you wish. This includes both OAuth 2 access token requests (e.g. the /oauth/token endpoint) as well as resource requests (e.g. /movies/1234). At no point do you ever need to see, touch, or write OAuth code! The Stormpath SDK does it for you.
See the Application resource's authenticateApiRequest
method for detailed information.
-
You can use the new method
Application.resetPassword()
to validate a password reset token AND set a new password, with just one call to our API -
You can authenticate an account against a specific account store when calling
Application.authenticateAccount()
, this is a useful performance option if you have a large number of stores and you know which store the user is in.
Improvements:
-
Support Redis and Memcahced as cache stores
-
Social provider support for Google and Facebook
-
Create, modify, delete Account Store Mappings
-
Add iterator methods to collection resources
Fixes:
-
Cache regions are now implemented
-
Tenant.verifyAccountEmail
returns anAccount
object, as expected
Breaking changes:
Cache
now takes an options hash instead of positional params
Fixed Readme to reflect 0.1.1 changes (this release does not affect code at all).
Minor bugfix point release that fixes a bug where authentication fails when caching is enabled.
Also added a new quickstart.js file that reflects the Stormpath Node.js Quickstart Documentation.
Our first Node.js SDK release!
All functionality compared to our other SDKs is present except:
-
More robust CustomData support. You can create and update an account's or group's custom data as part of the account or group creation or update request - you just can't manipulate and save the custom data by itself (i.e.
customData.save()
won't work, butaccount.save()
will). -
Caching implementations for network-accessible stores like Memcache and Redis. A local in-memory (non clustered) cache mechanism is in place however.
-
Exhaustive documentation. We think that the docs we have in place right now are pretty awesome and should cover most needs. However, we want to finish out any remaining missing docs before the next release.
-
Exhaustive tests. While we have been running integration tests regularly, the test coverage can be much better. We already have 100% coverage on some core internals (like the
DataStore
andRequestExecutor
), so we're confident with most of the implementations - enough to cut a release. We will be finishing these entirely however in upcoming releases.
We're already actively working on a follow-up 0.2 release, but in the spirit of 'release early, release often', we wanted to get what we had out the door today to receive community feedback - please let us know your thoughts!
Send us an email to [email protected] or open up a Pull Request and offer suggestions!
This code does not require a build step and can be immediately required by your node application after installed from npm (see above).
You may run the unit tests with the grunt command:
grunt
Or the integration tests (which assume an apikey file in ~/.stormpath
):
grunt it
To build the documentation, you need to enter the docs
directory, then run:
$ npm install -g bower
$ npm install
$ bower install
$ grunt
The grunt serve
command will build and serve the docs locally on port 9000. You can
view the HTML documentation by visiting http://localhost:9000/home in your browser.
In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code using Grunt.