Update protected route middleware docs

- The stormpath middleware, stormpath.authenticationRequired, depends on cookie-parser being defined. Cookie-parser will attach cookies from the request and attach them to the canonical req object in express. This property is then used by the middelware to verify the authenticity of the user and properly secure the route. - This commit provides additional requirements to users who are leveraging the authenticationRequired middleware Closes stormpath#602
oshalygin · Feb 21, 2017 · fdf67db · fdf67db
1 parent 80cf1a4
commit fdf67db
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -117,6 +117,25 @@ Follow these steps to add Stormpath user authentication to your Express.js app.
     //...
   });
   ```
+  
+  The `stormpath.authenticationRequired` middleware depends on the `cookie-parser` middleware, make sure that you are including the `cookie-parser` prior to all of your secured routes:
+
+  ```javascript
+  var express = require('express');
+  var stormpath = require('express-stormpath');
+  var cookieParser = require('cookie-parser');
+
+  var app = express();
+
+  // Include the cookier-parser middleware prior to securing the route with 'stormpath.authenticationRequired'
+  app.use(cookieParser());
+  app.use(stormpath.init(application, stormpathConfiguration));
+
+
+  app.get('/secret', stormpath.authenticationRequired, function(req, res){ 
+    //...
+  });
+  ```
 
   For API services that use HTTP Basic Auth, use
   `stormpath.apiAuthenticationRequired`: