Faizal

Reputation: 363

StormPath groups authorization using express-stormpath

Using stormpath.groupsRequired middleware call,

router.get('/', stormpath.loginRequired, stormpath.groupsRequired(['org1-admin']), function (req, res) {
  res.render('index', {});
});

I cannot hardcode the ‘org1-admin’ role, what options do I have? If I put this into a session, the session is not available for middleware. Any thoughts?

The user role ‘org1-admin’ will be identified when the app is launched, based on the org1 param passed in the initial launch request URL and the ‘admin’ role read from a config entry.

After the initial launch, this role should be available for subsequent routes to authorize. Appreciate your feedback!

Upvotes: 0

Views: 102

Answers (1)

robertjd

Reputation: 4903

If the group to check is determined on a per-request basis, you’ll need to modify the flow to use the groupsRequired middleware more like a function:

app.get('/', stormpath.loginRequired, function (req, res) {
  var group = 'foo'; // grab the group from your request context

  stormpath.groupsRequired([group])(req,res,function(){
    // If we got here, the user is in the group.  Otherwise the groupsRequired middleware would have ended the response with 403
    res.render('index', {});
  });
});

I hope this helps! This is a good use-case and I’d like to add something to this library which makes it easier to do this.

Upvotes: 2
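
The pattern from the answer above, packaged as a reusable middleware. This is an added example, not part of the original answer or of express-stormpath. The names `resolveGroup`, `dynamicGroupsRequired`, `ORG_PATTERN` and `fakeGroupsRequired`, and the `:org` route param, are assumptions. It validates the request-supplied org value before building the group name and denies access when no group can be resolved.

```javascript
// Hypothetical allowlist pattern for org ids taken from the URL (assumption).
const ORG_PATTERN = /^[a-z0-9]{1,32}$/;

// Build "<org>-<role>" from the :org route param and a configured role.
// Returns null when the org value is missing or malformed.
function resolveGroup(req, role) {
  const org = req.params && req.params.org;
  if (typeof org !== 'string' || !ORG_PATTERN.test(org)) return null;
  return org + '-' + role;
}

// Wrap a groupsRequired-style factory so the group is computed per request.
function dynamicGroupsRequired(groupsRequired, resolver) {
  return function (req, res, next) {
    const group = resolver(req);
    if (!group) {
      // Fail closed: no resolvable group means no access.
      res.status(403).end();
      return;
    }
    // Delegate the membership check; it ends the response itself on failure.
    groupsRequired([group])(req, res, next);
  };
}

// Constructed stand-in for stormpath.groupsRequired so the example runs offline.
function fakeGroupsRequired(groups) {
  return function (req, res, next) {
    const ok = groups.some((g) => req.user.groups.includes(g));
    if (ok) next(); else res.status(403).end();
  };
}

// Drive the middleware with minimal req/res objects (constructed sample input).
// Returns 'next' when the handler would run, otherwise the status code sent.
function simulate(org, userGroups) {
  let outcome = null;
  const req = { params: { org: org }, user: { groups: userGroups } };
  const res = {
    status(code) { outcome = code; return this; },
    end() {},
  };
  const mw = dynamicGroupsRequired(fakeGroupsRequired, (r) => resolveGroup(r, 'admin'));
  mw(req, res, () => { outcome = 'next'; });
  return outcome;
}
```

In an Express app, `stormpath.groupsRequired` would be passed in place of the stand-in, after `stormpath.loginRequired` in the route's middleware chain.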
