Express-Stormpath

Express-Stormpath is an extension for Express.js that makes it incredibly simple to add user authentication to your application, such as login, signup, authorization, and social login.

Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.

Getting Started
Documentation
Example
Help
Links
License

Getting Started

Follow these steps to add Stormpath user authentication to your Express.js app.

Download Your Key File

Download your key file from the Stormpath Console.

Store Your Key As Environment Variables

Open your key file and grab the API Key ID and API Key Secret, then run these commands to save them as environment variables:

$ export STORMPATH_CLIENT_APIKEY_ID=<YOUR-ID-HERE>
$ export STORMPATH_CLIENT_APIKEY_SECRET=<YOUR-SECRET-HERE>

On Windows, use the setx command instead of export.

Get Your Stormpath App HREF

Login to the Stormpath Console and grab the HREF (called REST URL in the UI) of your Application. It should look something like this:

https://api.stormpath.com/v1/applications/q42unYAj6PDLxth9xKXdL

Store Your Stormpath App HREF In an Environment Variable

$ export STORMPATH_APPLICATION_HREF=<YOUR-STORMPATH-APP-HREF>

On Windows, use the setx command instead of export.

Install The SDK

$ npm install --save express-stormpath

Include It In Your App

var stormpath = require('express-stormpath');

Initialize It

If your app is an API:

Set api to true and point web.spaRoot to where your front-end app is located. This will serve your app and create default API routes for login, registration, etc.

app.use(stormpath.init(app, {
  api: true,
  web: {
    spaRoot: path.join(SPA_ROOT, 'index.html')
  }
}));

If your app is a website:

Set website to true. This will setup default views for login, registration, etc.

app.use(stormpath.init(app, {
  website: true
}));

Wait For The SDK

Wait for the SDK to get ready, then start the web server:

app.on('stormpath.ready', function() {
  app.listen(3000, function() {
    //...
  });
});

Protect Your Routes

Use stormpath.loginRequired as a middleware to protect your routes:

app.get('/secret', stormpath.loginRequired, function(req, res) {
  //...
});

If the user tries to access this route without being logged in, they will be redirected to the login page.

Login

To access a protected route, the user must first login.

If your app is an API:

Log them in by posting their username and password as JSON to the /login endpoint:

{
  "username": "[email protected]",
  "password": "myPassword"
}

If the login attempt was successful, you will receive a 200 response and a session cookie will be set on the response. If an error occurred, we will send a 400 status with an error message in the body.

If your app is a website:

Log them in by sending them to /login and fill in the login form.

Register

To be able to login, your users first need an account.

If your app is an API:

Sign them up by posting their information as JSON to the /register endpoint:

{
  "email": "[email protected]",
  "password": "mySuper3ecretPAssw0rd"
}

If the user was created successfully, you will receive a 200 response and the body will contain the account that was created. If an error occurred, we will send a 400 status with an error message in the body.

If your app is a website:

Sign them up by sending them to /register and fill in the form.

That's It!

You just added user authentication to your app with Stormpath. See the documentation for further information on how Stormpath can be used with your Express.js app.

Documentation

For a full documentation of this library, see the documentation.

Help

Example

For an example app, see the Stormpath SPA Development Server.

Links

Below are some resources you might find useful.

License

Apache 2.0, see LICENSE.

ldhertert / express-stormpath Goto Github PK