node package manager
Love JavaScript? Your insights can make it even better. Take the 2017 JavaScript Ecosystem Survey »


passport-scope-restrict Build Status

Enforce authorization based on OAuth scopes set by Passport.js.

This is typically used to protect an API by requiring that the scopes associated with the client are allowed to call the API. Check out passport-http-bearer for one strategy you can build on to achieve this.


var express = require('express')
  , passport = require('passport')
  , restrict = require('passport-scope-restrict');
// setup your Express app, and configure Passport with some strategy which add `scopes` to `req.authInfo`. 
app.use('/api/admin', restrict('admin'));


MIT. See LICENSE for details.