Derby.js Authentication
Provides authentication middleware (using Passport) for use in your Derby projects.
Step 1
Setup derby-auth strategies and configurations
var auth = // Pass in actual Passport Strategy objects as well as their configurations (see http://passportjs.org/guide/facebook/) // Note: this means you'd need "passport-facebook" in your package.json file strategies = facebook: strategy: Strategy conf: clientID: processenvFACEBOOK_KEY clientSecret: processenvFACEBOOK_SECRET // Pass in options. Domain defaults to localhost:3000, but consider it required // (It's a Passport technicality, if anyone has suggestions for determining domain on run-time, please message me) options = domain: processenvNODE_ENV==='production' ? "http://my.com" : "http://localhost:3000"
Step 2
Initialize the Store (queries, accessControl, etc)
// initialize queries and accessControlauth;
Step 3
Use derby-auth's mounted middleware
// derby-auth.middleware is inserted after modelMiddleware and before the app router to pass server accessible data to a model
Also, make sure your express app is using sessions:
# Uncomment and supply secret to add Derby session handling# Derby session middleware creates reqsession and socketio sessions
Step 4 (optional, recommended)
If you want drop-in Login and Register forms, including form validation, use the <derby-auth:login />
and <derby-auth:register />
components. To enable these, you'll need this in your /lib/app/index.js
file:
derby;
See the example for more details, as well as login / registration forms, sign-in buttons, etc.
Roadmap
See my Workflowy
Why not EveryAuth?
This project was originally implemented with Everyauth (see branch), but had some issues:
- Every provider had to be implemented individually in code. Passport has an abstraction layer, which is what allows us to pass in Strategy + conf objects in server/index.js for every provider we want enabled.
- Password authentication posed technical difficulties. See the Google Group discussion