From fdf67db879f66af626ac9a146096cdbfd8087047 Mon Sep 17 00:00:00 2001 From: oshalygin Date: Tue, 21 Feb 2017 12:51:29 -0800 Subject: [PATCH] Update protected route middleware docs - The stormpath middleware, stormpath.authenticationRequired, depends on cookie-parser being defined. Cookie-parser will attach cookies from the request and attach them to the canonical req object in express. This property is then used by the middelware to verify the authenticity of the user and properly secure the route. - This commit provides additional requirements to users who are leveraging the authenticationRequired middleware Closes #602 --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index 06cb598e..a73ecdba 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,25 @@ Follow these steps to add Stormpath user authentication to your Express.js app. //... }); ``` + + The `stormpath.authenticationRequired` middleware depends on the `cookie-parser` middleware, make sure that you are including the `cookie-parser` prior to all of your secured routes: + + ```javascript + var express = require('express'); + var stormpath = require('express-stormpath'); + var cookieParser = require('cookie-parser'); + + var app = express(); + + // Include the cookier-parser middleware prior to securing the route with 'stormpath.authenticationRequired' + app.use(cookieParser()); + app.use(stormpath.init(application, stormpathConfiguration)); + + + app.get('/secret', stormpath.authenticationRequired, function(req, res){ + //... + }); + ``` For API services that use HTTP Basic Auth, use `stormpath.apiAuthenticationRequired`: