node package manager



Build Dependencies

Passport strategy for authenticating with GitHub without using of session.

This module lets you authenticate using GitHub in your Node.js applications via OAuth2 access token (to get is user name and password are required). It is usefull for webapi services which are not required any web ui.


$ npm install passport-stateless-github


Configure Strategy

The stateless GitHub authentication strategy authenticates users using a GitHub account and OAuth 2.0 tokens. The strategy can have an optional verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret.

passport.use(new StatelessGithubStrategy({
    clientSecret: GITHUB_CLIENT_SECRET,
    accessTokenQueryField: "token" //optional query field with access token (default: 'access_token')
  function(userName, accessToken,  done) { // optional callback
    // accessToken is valid access token from github
    // do any additional verification here (checking membership, etc)
    done(); // you can pass additional user's data with done (like done(null, {isPowerUser: true}))

Authenticate Requests

Use passport.authenticate(), specifying the 'stateless-github' strategy, to authenticate requests.

For example, as route middleware in an Express application:

  function(req, res){
    // Successful authentication
    res.json({data: [1,2,3]});

  passport.authenticate("stateless-github", {
    requireAccessToken: true, //required if you want to receive access token via user name and password
    userNameField: "username", //optional name of user name field in req.body (default: userName)
    passwordField: "pwd", //optional name of password field in req.body (default: password)
    //userName: "user", password: "123" // you can pass user name and password directly here if need
    options: { //optional fields which are passed to PUT directly
      scopes: [ "read:org" ],
      note: "MyApp",
      note_url: "http://localhost"
  function(req, res){
    // Send the token to user
    res.json({access_token: req.user.token});