
Commit 0d63147

Validate access_token and check for scope
1 parent 1b960f2 commit 0d63147


1 file changed

+14
-2
lines changed

1 file changed

+14
-2
lines changed

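--- a/protected-routes.js
+++ b/protected-routes.js
@@ -5,11 +5,23 @@ var express = require('express'),
 
 var app = module.exports = express.Router();
 
+// Validate access_token
 var jwtCheck = jwt({
-secret: config.secret
+secret: config.secret,
+audience: config.audience,
+issuer: config.issuer
 });
 
-app.use('/api/protected', jwtCheck);
+// Check for scope
+function require_scope(scope) {
+return function (req, res, next) {
+var has_scopes = req.user.scope === scope;
+if (!has_scopes) { res.send(401); }
+next();
+};
+}
+
+app.use('/api/protected', jwtCheck, require_scope('full_access'));
 
 app.get('/api/protected/random-quote', function(req, res) {
 res.status(200).send(quoter.getRandomOne());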
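Review bot: The scope check in `require_scope` does not stop the request when the scope is missing: after `res.send(401)` the middleware still calls `next()`, so the protected handler runs anyway and a second response is attempted on an already-sent reply. The guard needs an early return, e.g. `if (!has_scopes) { return res.sendStatus(401); }` (`res.send(401)` with a bare status is also a deprecated Express form). Two further points worth confirming: a token that passed `jwtCheck` but lacks the scope is authenticated yet unauthorized, so 403 is presumably the more accurate status than 401; and if `req.user.scope` can carry several space-separated scopes, strict equality against `'full_access'` will reject valid tokens, so splitting on whitespace and checking membership would be safer. The `app.get` handler that follows continues past the end of the hunk.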
