Cookie parser is required for strompath.authenticationRequired

Question

Cookie parser is required for strompath.authenticationRequired

oshalygin opened this issue 8 years ago · 1 comments

Came across this in my testing earlier but if you protect a route with stormpath.authenticationRequired, the authentication check will not occur if the express application didn't bring in the cookie-parser middleware via the following:

import express from 'express';
import stormpath from 'express-stormpath'
import cookieParser from 'cookie-parser'

const application = express();
application.use(cookieParser());

application.use(stormpath.init(application, stormpathConfiguration));

// This will always respond with authenticated(well reroute) if cookie-parser wasn't included.
application.get('/myAwesomeRoute', stormpath.authenticationRequired, function(req, res){ 
    res.status(200).json(someAwesomeObject);
}

Proposing to add this to the README.md as a required component right above this section:
9. Protect Your Routes

Open to making a PR if you're comfortable with the addition @robertjd

Note: The walkthrough does reference the usage of cookie-parser but it would be good to also include it here in the README.
https://stormpath.com/blog/build-app-nodejs-express-passport-stormpath

Answer 1 · 2017-02-21T19:41:27.000Z

Thanks @oshalygin , we should add this to the docs!