Sharing Top Content from the Angular-sphere.

🔥 Permit: An Unopinionated Auth Library for Node.js APIs – #react #reactjs #angularjs #ui…

  • For example, here’s how to authenticate a bearer token: – – Since Permit isn’t tightly coupled to a framework or data model, it gives you complete control over how you write your authentication logic—the exact same way you’d write any other request handler.
  • But if you’ve run into any of these problems before while adding authentication to a Node.js API, you might like Permit.
  • Permit was designed with authenticating APIs in mind, so it’s able to be much leaner than others, since it doesn’t need to handle complex OAuth integrations with Facebook, Google, etc.
  • Due to its simple interface, Permit makes it much easier to write and reason about your actual authentication logic, because it’s exactly like writing any other route handler for your API.
  • Permit’s API is very flexible, allowing it to be used for a variety of use cases depending on your server framework, your feelings about ORMs, your use of promises, etc.

GitHub is where people build software. More than 27 million people use GitHub to discover, fork, and contribute to over 80 million projects.

GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.

An unopinionated authentication library

for building Node.js APIs.

Usage • Why? • Principles • Examples • Documentation

Permit makes it easy to add an authentication layer to any Node.js API. It can be used with any of the popular server frameworks (eg. Express, Koa, Hapi, Fastify) and it can be used for any type of API (eg. REST, GraphQL, etc.) due to its simple, unopinionated design.

Permit lets you authenticate via the two schemes most APIs need: a single secret bearer token, or a set of username and password credentials. For example, here’s how to authenticate a bearer token:

import { Bearer } from ‘permit’ // A permit that checks for HTTP Bearer Auth, falling back to a query string. const permit = new Bearer({ query: ‘access_token’, }) async function handler({ req, res }) { // Try to find the bearer token in the request. const token = permit.check(req) // No token, that means they didn’t pass credentials! if (!token) { throw new Error(`Authentication required!`) } // Authenticate the token however you’d like… const user = await db.users.findByToken(token) // No user, that means their credentials were invalid! if (!user) { throw new Error(`Authentication invalid!`) } // They were authenticated, so continue with your business logic… … }

Since Permit isn’t…