UNPKG

@quarks/quarks-iam

Version:

A modern authorization server built to authenticate your users and protect your APIs

github.com/anvilresearch/connect

anvilresearch/connect

64 lines (52 loc) 1.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
/** * Module dependencies */ var qs = require('qs') var AccessToken = require('../models/AccessToken') /** * Prompt to authorize */ function promptToAuthorize (req, res, next) { var params = req.connectParams var client = req.client var user = req.user var scopes = req.scopes // The client is not trusted and the user has yet to decide on consent if (client.trusted !== true && typeof params.authorize === 'undefined') { // check for pre-existing consent AccessToken.exists(user._id, client._id, function (err, exists) { if (err) { return next(err) } // if there's an existin authorization, // reuse it and continue if (exists) { params.authorize = 'true' next() // otherwise, prompt for consent } else { // render the consent view if (req.path === '/authorize') { res.render('authorize', { request: params, client: client, user: user, scopes: scopes }) // redirect to the authorize endpoint } else { res.redirect('/authorize?' + qs.stringify(params)) } } }) // The client is trusted and consent is implied. } else if (client.trusted === true) { params.authorize = 'true' next() // The client is not trusted and consent is decided } else { next() } } /** * Exports */ module.exports = promptToAuthorize