Giter Club home page Giter Club logo

express-stormpath's Introduction

Stormpath is Joining Okta

We are incredibly excited to announce that Stormpath is joining forces with Okta. Please visit the Migration FAQs for a detailed look at what this means for Stormpath users.

We're available to answer all questions at [email protected].

What does this mean for developers who are using this library?

  • We are patching this library to work with the Okta API. This will come in the form of a major release, 4.0. We're trying hard to minimize the number of breaking changes. This version will assume that you're migrating your data with our data migration tool, which should be available by the end of April.

  • We are creating 4.x release candidates as we work. The 4.x changelog will describe all of the changes in this version.

  • The Express-Stormpath Sample Project is updated to use the latest release candidate, we suggest that you try running this application to ensure that your new Okta org is setup properly.

  • Once you are able to run the sample project, we suggest trying the latest release candidate in a local/development copy of your application, and walk through the changes in the 4.x changelog to see if you run into any issues. The latest release candidate can be installed like so:

    npm install --save express-stormpath@next

README

If you are actively using this library, you can find the readme in OLD-README.md. It is not possible to register for new Stormpath tenants at this time, so you must already have a Stormpath tenant if you wish to use this library during the migration period.

express-stormpath's People

Contributors

baer avatar bcaldwell avatar brentstormpath avatar cannibalvox avatar cdaniel avatar coreybutler avatar deusexlibris avatar dgisser avatar dominicliu avatar edjiang avatar elomerc avatar erbridge avatar greenkeeperio-bot avatar harai avatar jeffkole avatar jmls avatar johnw424 avatar jrodmanu avatar ldhertert avatar lemieux avatar omgitstom avatar oshalygin avatar rdegges avatar robertdamphousse-okta avatar robertjd avatar suryod avatar timothyej avatar typerandom avatar vkomulai avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

express-stormpath's Issues

Create Account - Confirm Password

I need an option of being able to add a Confirm Password field beneath the Password field on the default Create Account form. This Confirm Password field exists on the Create Account form in the Admin Console.

Feature: group authentication based on route params

I'm impressed with the Express-Stormpath module and seriously considering implementing it. I'm currently using passport-stormpath but still very lightly integrated.

The one feature I don't see that would be useful would be group authentication based on the route params, i.e. (based on example from documentation)

app.get('/admin/:association', stormpath.groupsRequired([':association']), function(req, res) {
  res.send('If you can see this page, you must be in the `' + req.params.association + '` association!');
});

The idea being that a route like '/admin/myassociation' would require membership in the 'myassociation' group.

Object <#Session> has no method reset() when logging out

Currently testing the stormpath module and found that every time I would log out I would receive this Object <#Session> has no method reset()

I checked my express-stormpath/lib/controllers.js and found this.

module.exports.logout = function(req, res) {
  if (req.session) {
    req.session.reset();
  }

  res.redirect('/');
};

I switched req.session.reset() to req.session.destroy() to fix this temporarily but I wanted to know what the root cause was. Let me know if there is any more info I can provide to help you.

Thanks!

App crashes with 404 shortly after initialization

I'm initializing my Express app using the suggested env variables and the following code:

// Attach Stormpath
app.use(stormpath.init(app, {
    secretKey: ''
}))

However, shortly after I start my app, I get a hard crash with only the following error:

ResourceError: HTTP 404, Stormpath 404 (mailto:[email protected]): The requested resource does not exist.

I'm not really sure how to debug this...there are no other details provided by the error/crash.

how to force authentication on all routes

I've followed the quickstart guide (and, may I say, great job!) and got auth working just fine on certain routes.

however, I'm a little stuck on how to ensure that authentication is done on all routes, even static ones.

I have this in my app

app.use(loopback.static(path.resolve(__dirname, '../client')));

how can I force a user to login before accessing the site ?

thanks !

extreme slowness when adding expand....

When enabling expandGroups or expandProviderData etc, the response times (caching in memcached enabled!) go from a few millisecs to over 1 second. Seems that info is not being cached? Also, when using the middleware (app.use), but not using a loginRequired on that route, is still really slow.

Unauthorized page not passing app to locals

The unauthorized page is not passing app to locals variables which makes it unaccessible in the template. This part is useful to pass shared variables to the templates. It crashes if your base template is using #{app.get(...)}. One way to fix it would be to set the app before each helpers.render(req.app.get('stormpathUnauthorizedView'), res); or create something like helpers.renderUnauthorizedView which would do it internally.

Redirect loop when using groupsRequired and auto-login

Hi guys,

there is a problem when using groupsRequired on a view. I think you'll understand with the following flow for an authenticated user:

GET /admin -> oh! not in the "admin group".. send to login -> GET /login?next=/admin 
-> oh! you are already signed in -> GET /admin -> oh! not in the "admin group"... send to login -> GET /login .....

I'm not too sure how to fix this without disabling the auto login feature.

Any ideas?

Resend verification page

We were wondering what would happen if one of our users lost, deleted, forgot the verification email. Do you have plan to have a resend verification page or something like that? Currently it seems like the user would be in some sort of limbo state where he can't reset his password nor signup with the same email.

Password change page

As discussed in #20, express-stormpath should also provide a password change page. This should be almost the same as the password reset one, but instead of verifying a token, the current password should be provided. This page should only be accessible by authenticated users. I think it should also be possible to configure whether or not you should sign in again after the password change. Either way, all other sessions (or all sessions in case of a log out after the change) should be nuked to prevent unauthorized access from another computer/browser.

We are most likely going to tackle this problem in our app in the next two weeks and since this is a generic thing, I think it should go in express-stormpath.

Thoughts?

previous values lost on register error

When registering if there is an error - weak password, invalid email - all the fields are cleared.

It would be nice if the valid data, like first/last name, was refilled.

Allow init to accept an already configured cache client

First off, I've really enjoyed using Stormpath so far. Great work!

I'm looking to enable caching for my app. I see that the product guide describes how you can tell stormpath what the host, port, and auth options are for the cache and then it makes its own connection to the cache.

Why not just accept an already configured cache client as well? I ask because in my app I have several other components that depend on a redis client, so instead of creating a client for every component I create one client and inject it into every component that needs it. The connection details change depending on the stage of the app so by using injection I isolate the stage/connection details to the one part of my app that is responsible for creating the client.

I explained my use case, and I think in general this would provide value for other users as well. What are your thoughts? I'd be willing to submit a PR if you like this idea.

Thanks again!

app crash on 503 error during initialization

For a few minutes, I got the following error during startup of my application.

Stormpath seems to have responded with a 503 status code, which crashed the app.

Meanwhile, everything is working fine again, so I assume that there is an uncaught issue when creating the callback for the request module.

ERROR

/bastian/appxyz/node_modules/express-stormpath/node_modules/stormpath/lib/error/ResourceError.js:7
  this.status = responseBody.status;
                            ^
TypeError: Cannot read property 'status' of undefined
    at new ResourceError (/bastian/appxyz/node_modules/express-stormpath/node_modules/stormpath/lib/error/ResourceError.js:7:29)
    at Request.onRequestResult [as _callback] (/bastian/appxyz/node_modules/express-stormpath/node_modules/stormpath/lib/ds/RequestExecutor.js:96:23)
    at Request.self.callback (/bastian/appxyz/node_modules/express-stormpath/node_modules/stormpath/node_modules/request/request.js:123:22)
    at Request.emit (events.js:98:17)
    at Request.<anonymous> (/bastian/appxyz/node_modules/express-stormpath/node_modules/stormpath/node_modules/request/request.js:1047:14)
    at Request.emit (events.js:117:20)
    at IncomingMessage.<anonymous> (/bastian/appxyz/node_modules/express-stormpath/node_modules/stormpath/node_modules/request/request.js:998:12)
    at IncomingMessage.emit (events.js:117:20)
    at _stream_readable.js:929:16
    at process._tickCallback (node.js:419:13)

ORIGIN stormpath/lib/ds/RequestExectuor.js

if (response.statusCode > 399) {
      return callback(new ResourceError(body), null);
    }

new discrepancy between index.js and package.json?

I’m starting out with StormPath by using this repository and following the link from here to the Quickstart at

https://docs.stormpath.com/nodejs/express/quickstart.html

... and I think there is a problem: the current documentation shows that index.js requires 'express-stormpath’, but package.json doesn't include it among its dependencies.

index.js

var stormpath = require('express-stormpath’);

The dependencies in package.json

  "dependencies": {
    ...
    "stormpath": "^0.7.3",
    ...
  }

index.js (currently) has this:

/**
 * Expose the `stormpath` library.
 *
 * @property stormpath
 */
module.exports = require('./lib/stormpath’);

As a beginner I couldn't make that work. Maybe I caught things in the middle of a change in both code and documentation not yet finalized.

Disable Cache

Currently if I modified custom data in the Admin UI,
the server cache hide the modification to my webpage.

Can we set false to the cache option for custom data only for example ?

Alternative Template Engines

Is it actually possible to specify a templating engine other than jade?

The docs indicate EJS support, but I couldn't get this to work as documented. It looks like Jade is a hard dependency.

Frankly, I don't want to use Jade or EJS... my engine of choice is Nunjucks. Any thoughts on making this happen?

Ability to pass extra variables to templates context

As I was making sure the analytics were set on each page of our app, I figure out I would not be able to do it on all of express-stormpath pages since I do not control the context passed to those pages. Would it make sense to pass an object to the init function like extraTemplateContext with predefined values to be passed to those templates? I would need to pass things like analytic service ID.

I can provide a pull request today if you want.

Boolean configuration options are not working when setting false

Using || to set default value will not work when implicitly using false, as || is checking for falsey and not undefined. This is only an issue when the default value is true.

For instance

app.set('stormpathEnableSurname', opts.enableSurname || (process.env.STORMPATH_ENABLE_SURNAME === 'true') || true);

will not work as expected when deliberately setting opts.enableSurname (or STORMPATH_ENABLE_SURNAMEof course) to false.

I'm not submitting a pull request for this one as selecting which route to take for default configurations is highly opinionated and you might have your preferred approach already.

Subdomain support for cookies

Currently the stormpathSession cookie returned after a successful authorization is set to host-only and cannot be used on subdomains. It would be nice of stormpath-express supported an option to allow cookies on subdomains.

Errors appearing on password change form

Hi,

I just encountered a problem with the password change form. The forms library expects the form value to be in the querystring if the form is handled on a GET. Since the password reset form puts parameters (token) in the URL, the form seems to be handled like if it was submitted on a GET and generates a "Password required" error when the page loads.

I did some digging and it seems to me that it's the desired behavior from that lib and it doesn't seems like there's a workaround for that.

Any idea? Maybe another form library might do the trick?

Auto login after a password change

Like the auto-login feature post-registration when the verification flow is disabled, we would like to have a similir functionnality post-password change. From a UX perspective, it makes little sense to have a auto-login at the registration but not at after the password reset.

I would like very much to add this (fully optional) feature to the lib.

What do you think? I would probably have a PR tomorrow.

Directory Support

Please correct me if I'm wrong, but right now the module is tied to an application's main directory. It would be nice to have support to choose other directories in an application to use.

Here's my use case: I am building a microservice architecture with each microservice using express-stormpath's oauth2 functionality. I've gotten it to work wonderfully with an application. There will only be a handleful of api consumers (developers) for each microservice, so giving each microservice it's own directory in a single application would be most ideal so we don't have to create a new application for every microservice when each microservice is really only going to have around 5-10 api developers.

postRegistrationHandler not called when enableAccountVerification is set

Hi everyone,

What's the best way to go about performing logic when an account is registered, with email verification enabled?

Regarding this "issue":

  • Last commit: a4c6856
  • Branch: master

In lib/controllers.js there is the following block starting on line 162:

        // If we get here, it means the account was successfully created.
        if (!err && !req.app.get('stormpathEnableAccountVerification')) { <--------------------- HERE
          if (req.app.get('stormpathPostRegistrationHandler')) {
            req.app.get('stormpathPostRegistrationHandler')(req.user, req, res, function() {
              var url = req.query.next || req.app.get('stormpathRedirectUrl');
              res.redirect(302, url);
            });
          } else {
            var url = req.query.next || req.app.get('stormpathRedirectUrl');
            res.redirect(302, url);
          }
        }

I could do it on Login, but it's a bit more messy. I'll do that if I have to, just wondering if there is a better way (or this creates a potential solution).

Thanks alot!

-- adarqui

Handle CSRF Expiration Errors in a Cleaner Way

Right now, if a user opens up a page (login / registration), waits for a bit (for their session to expire), then submits the form -- they'll receive a CSRF error page.

This is quite ugly, and instead we should override this functionality with a custom flashed message of some sort, and re-render the page the user was on.

Account not expanding immediately after verification

I'm having an issue with the lastest release where sometimes the account is not expanded. This only appears to happen after a user goes through the verification process. The account href is the only information that makes it into the redis record, then when the user logs in the cached record is loading but the account isn't expanded any further.

I was only checking that the user property was being set, not that the account was expended, I can easily address this on my end, but I thought you may want to be informed.

I realize this may be an SDK issue related to the changes in 0.6.0 but I thought I'd start the discussion here.

variable casing problem in helpers.js

When following the quickstart guide: "If you’d prefer to specify your API credentials without using an apiKey.properties file, you can also do that easily by setting the following two environment variables: STORMPATH_API_KEY_ID=xxx" Kept resulting in:

...helpers.js:169 ERROR: No Stormpath credentials specified.

After trying several different ways to set the credentials, finally reviewed source to find a casing problem on the checkSettings function, capital 'D' in ID in /lib/helpers.js:166:

(app.get('stormpathApiKeyID') && ...

This doesn't match other usages of 'stormpathApiKeyId', lower case 'd'.

Workaround: To set credentials without a keyfile you can still use the environment variable 'STORMPATH_API_KEY_ID' by setting the following in your application code to circumvent the validation:

app.set('stormpathApiKeyID', 'not used');

Potential fix - helpers.js line 166:
(app.get('stormpathApiKeyId') && app.get('stormpathApiKeySecret')) ||

Stormpath called every time, for all resources

The way the middleware is wired, by adding stormpath.init to our app.use, all calls to the app server result in a call to Stormpath via stormpath.Client.getAccount. I'm not sure if this is intentional, or if something should be caching in the stack - I know it's a new library! :) But this results in undesirable behavior:

  1. All calls to every resource generate a call to Stormpath (again, not clear on intention), but...
  2. Interesting effect of that, once a user logs in, accessing areas not covered by loginRequired (e.g. home page, public docs) still results in Stormpath calls.

Tracing out the process here for reference:

Following the setup procedure we add the following as middleware.
app.use(stormpath.init(app, {
...
}

This returns a middleware function that calls .getUser(...) on all requests at stormpath.js:121
async.series([
function(callback) {
helpers.getUser(req, res, callback); // <-
}
], function() {

.getUser(...) in helpers.js, starting line 72, calls .getAccount(...) resulting in a Stormpath call.

module.exports.getUser = function(req, res, next) {
if (req.session && req.session.user) {
req.app.get('stormpathClient').getAccount(req.session.user.href, { expand: 'customData,groups' }, function(err, account) {
if (err) {
req.session.reset();
} else {
req.session.user = account;
res.locals.user = account;
}
next();
});
} else {
next();
}
};

Thanks!

Angular SDK Integration

We should make this work with our Angular.js SDK by modifying the way sessions work: we should switch from storing a plain-old user href as the session cookie to storing a JWT.

Making Session Management More Usable

Right now, this library initializes its own session stuff as req.session. This is a problem for many people, as most node libraries initialize their own session stuff under the same name -- this causes issues.

What I'd like to do is migrate all Stormpath session stuff to req.stormpathSession, this way there will be no chance of conflict for non-auth related sessions.

I've got about 99% of this code ready to ship, but the CSURF library doesn't currently support anything other than req.session, which is a blocker for this.

I've opened a ticket on the CSURF library page: expressjs/csurf#66

If the author gives me the go ahead, I'll submit a PR to their project, and then once released, push the changes into this library.

LinkedIn support in Express-Stormpath

Hi
I'm planning a site for health data and I would like to store the users in a secure system like stormpath.

When I read on your site and search the net I see that linkedIn support is mentioned. But I can't find if it is something that is planned or something that is there.

Regards
Terje

Better error handling for humans

Currently, express-stormpath outputs raw error pages when something happens. From what I can see, it's output a lot of res.send(400) or res.send(500) on "human facing" pages. I can understand for an API route, but for a page that a user can see, having a 400 Bad request is less than desired.

My take on this would be to add a template for errors and use it to render them properly.

We saw this when accessing an account verification link twice, which is not really an edge case. In this case, it could also be useful to having the error message to let the user know what is going on.

Do you already have plans for this problem or should I go ahead and try to fix this?

sub domains and password reset

having a problem with sub domains and a password reset

for every new customer of our app (demo) we spin up a new sub domain, so we have

foo.demo.com
bar.demo.com

now, we obviously don't want to have to create a new app for every potential customer, so we are using a demo application in stormpath, and groups (foo/bar/etc) to authorise access to each sub domain

however, the password reset mechanism requires a fixed callback url - which obviously doesn't work with sub domains.

how can we get round this problem ?

More control on error messages

Hey,

we are currently doing a pass on our UX for our authentication flow and we would like to customize error messages coming from the API. Currently, if we request a password reset for a unknown email, we get a not-so-human-friendly error "Invalid email.".

Would it be possible to customize such messages? It could be enough for us if we had to provide a "translation" for those and they would be rendered using it. I know we could do it on the template side, but I find this solution not really elegant since it would put too much logic to my taste in the template.

Can't turn off the requirement for givenName on register

Maybe I'm doing something really dumb, but I've spent some time banging my head against this and can't get it to work.

I'm trying to present a reg form that requires simply Username, Email, and Password. But when I try and register, the form comes back with the alert, "Account givenName cannot be null, empty, or blank."

In my code I have:

app.use(stormPath.init(app, {
    // ...
    enableUsername: true,
    requireUsername: true,
    enableGivenName: false,
    requireGivenName: false,
    enableSurname: false,
    requireSurname: false,
    // ...
}));

I've added some debug output to the helpers.collectFormErrors function but that doesn't seem to be where the alert is coming from. It's almost as if the validation is failing over at the stormpath server.

Thanks for any advice!
bobby

Incompatibility with Baucis(which builds on top of Express.js)

Hi,

I am trying to use the stormpath-express SDK, but for some reason the request body(on a POST request) goes away thus making the SDK incompatible with baucis(which adds on to Express.js and allows regular Express middleware)

I looked at the code that's doing the initializing of the stormpath SDK but I couldn't figure out why the request data is getting lost along the way before its passed to the appropriate baucis controller (controllers translate into Express 4 Routes)

I'm guessing it might be an issue with the body-parser middleware, but I would really appreciate it if you can take a look and see if you can find what the problem might be.

p.s. If you want me to I can also create a repo with a simple baucis app which reproduces this issue.

Password change without the password reset email

Would it be possible to show the password change view directly without having to issue a password reset email. We would want the user to be able to change it directly in our app if he's logged in. I tried to access /forgot/change directly and I got :

Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (http.js:689:11)
    at ServerResponse.header (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express/lib/response.js:662:10)
    at ServerResponse.send (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express/lib/response.js:146:12)
    at fn (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express/lib/response.js:896:10)
    at /home/marcolem/Development/radialpoint/reveal-site/node_modules/hogan-express/hogan-express.js:169:20
    at /home/marcolem/Development/radialpoint/reveal-site/node_modules/hogan-express/hogan-express.js:40:14
    at fs.js:271:14
    at Object.oncomplete (fs.js:107:15)
express deprecated res.send(status): Use res.status(status).end() instead node_modules/express-stormpath/lib/controllers.js:326:11

Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (http.js:689:11)
    at ServerResponse.header (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express/lib/response.js:662:10)
    at ServerResponse.send (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express/lib/response.js:146:12)
    at /home/marcolem/Development/radialpoint/reveal-site/node_modules/express-stormpath/lib/controllers.js:326:11
    at Object.wrapGetResourceResponse [as _wrapGetResourceResponse] (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express-stormpath/node_modules/stormpath/lib/ds/DataStore.js:66:12)
    at onGetResourceRequestResult (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express-stormpath/node_modules/stormpath/lib/ds/DataStore.js:277:13)
    at Request.onRequestResult [as _callback] (/home/marcolem/Development/radialpoint/reveal-site/node_modules/express-stormpath/node_modules/stormpath/lib/ds/RequestExecutor.js:96:14)
    at Request.self.callback (/home/marcolem/Development/radialpoint/reveal-site/node_modules/request/request.js:123:22)
    at Request.emit (events.js:98:17)
    at Request.<anonymous> (/home/marcolem/Development/radialpoint/reveal-site/node_modules/request/request.js:1047:14)

I am using 0.4.5 from npm

`authenticationRequired` middleware loses query parameters of original URL

On line 180 of authentication.js, the query parameters are explicitly stripped off from the URL before redirecting to the login page.

var url = req.app.get('stormpathLoginUrl') + '?next=' + encodeURIComponent(req.originalUrl.split('?')[0]);

This means that if you navigate to a page with query parameters and are redirected to login, you will not arrive back at the original page once you complete login. It looks intentional though. What was the rationale?

Unverified user receives ambiguous error message when logging in

If using email verification, when attempting to login as an unverified user (with correct credentials) the standard error message is returned...'Invalid username or password.'

It would be much better if a message reminding the user that they need to verify their email was displayed.

Thanks!

email group or irc

rather than raising tickets all the time to ask questions, is there an email group or irc that I can communicate with ?

I am wanting to save customer data when registering a new user - but was wondering how to do this with the standard jade forms supplied with stormpath-express

thanks

having to refresh with angular

I have a very simple angular page , served statically by express

index.html

..snip..

{{config}} ..snip..

I wanted to add auth to the app, so put this into my node program

app.get('/',stormpath.loginRequired,function(req,res) {
res.sendfile('index.html');
})

so, I fire up the server, go to the url, and I get a login screen. Working well. Enter the username & password, and I get

{{config}}

in the browser.

If I press refresh, then I don't get a login , but get the expected result on the page

{"date":"2014-12-10T13:46:18.706Z","currentTimeStamp":"never"}

so, it seems as if angular is not working / present when the page is first sent after login, but after a successful login, any refresh causes things to work properly

what am I doing wrong ?

google login does not create new account

(my appologies this should go to Stormpath support, not on issues)

controllers.js line 517~

after retrieving auth code from google, APP.getAccount is called but err is returned with

{ name: 'ResourceError',
status: 400,
code: 7200,
userMessage: 'Oops! We encountered an unexpected error. Please contact support and explain what you were doing at the time this error occurred.',
developerMessage: 'Stormpath was not able to complete the request to Google: this can be caused by either a bad Google directory configuration, or the provided account credentials are not valid. Google error message: 400 Bad Request',
moreInfo: 'http://docs.stormpath.com/errors/7200',
message: 'HTTP 400, Stormpath 7200 (http://docs.stormpath.com/errors/7200): Stormpath was not able to complete the request to Google: this can be caused by either a bad Google directory configuration, or the provided account credentials are not valid. Google error message: 400 Bad Request'
}

customData not expanded

As far as I can tell the customData is not expanded.

I'm doing this check, but it is getting called with every request.

var spUser = res.locals.user;

if(Object.keys(spUser.customData).length == 1){
  console.log("Loading customData.");
  spUser.customData.get(function(err,customData){
    if(!err){
      _.merge(res.locals.user.customData, customData);
    }
  });
}

Improve situation: Stormpath Application not ready

If you hit an endpoint that requires the Stormpath application, and it has not yet been fetched from the a API, you'll git a bad reference exception.

We want to make two improvements:

  • Have an async getter (promise?) for the application reference, and send down a 500 error if the reference isn't available yet
  • Provide an .on('ready') type of handler that a user can use, if they want to wait for stormpath to be ready before they bootstrap their server

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.