Request for support check for authorize

[VitaliyR]

Hello!

I've found that

oauth.authorise()

is checking for authentication in strict mode - thats means that if user is not authenticated - he receives error JSON with 'no token'.

I am suggesting to create another middleware method (or extend this one) to support non strict check - it would do exact same as autorise but if token wrong/non existing just continue pipe execution in usual way.

server.get('/items/:id', server.oauth.authorise(false /*non-strict, default true*/), this.controllers['itemsController'].show);

What do you think?

P.S. I've managed to make a lot of changes with my backend because we are using restify and it have differences with express. Maybe... add support for it too? :)

[thomseddon]

As an example, what would you do in your itemsController.show method if they don't have a valid token?

Would definitely like to see the restify version!

[VitaliyR]

@thomseddon sorry for a big delay. For instance, if user is authorized, send him more data than for non-authorized user:
{id: 1, name: "User" }
{id: 1, name: "User", role: "Developer" }

With current implementation it can't be done using same route.

[thomseddon]

I'm not sure this is really proper use of the spec, there is a provision for having different "scopes" but not for public and authenticated access, I would like to have another glance through though to check this feeling is correct...