WIP: Simplify token strategy configuration #175
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* What I’m now calling the “OAuth Token” strategy is the default: we store tokens in storage, and the developer can use `getAccessToken()` to fetch it as needed * “Cookie mode” is now opt-in * I’ve renamed the user services accordingly, so it’s more clear what each one is doing * This is technically a breaking change, so I’m writing this up as the 3.0.0 release
the-overengineer
suggested changes
Feb 2, 2017
the-overengineer
left a comment
the-overengineer
left a comment
There was a problem hiding this comment.
Looks good except for the few minor typos. The changes are well-explained. One totally minor question, though, is there a reason for renaming the services to kebab-case from PascalCase? The latter seems to be the convention project-wide.
| ## 2.0.0 (January 13, 2017) | ||
|
|
||
| This release adds support for the [Stormpath Client API][], which allows you to authenticate the user directly with Stormpath (authentication does not require extra software in your server). The user receives an access token, which can be used to authorize requests on your server. If you need to authorize requests on your server, you will sill want to use one of our SDKs to make that process simpler. | ||
| *Deprecated* Please use 3.0.0 insetad. |
| *Deprecated* Please use 3.0.0 insetad. | ||
|
|
||
| Please see the Readme for the new instructions for using the Client API. | ||
| This release adds support for the [Stormpath Client API][], which allows you to authenticate the user directly with Stormpath (authentication does not require extra software in your server). The user receives an access token, which can be used to authorize requests on your server. If you need to authorize requests on your server, you will sill want to use one of our SDKs to make that process simpler. |
There was a problem hiding this comment.
Another typo. "sill want" -> "still want"
| ## Documentation | ||
|
|
||
| For all available routes and components, see the [API Documentation][]. | ||
| For all available routes and components, see the [Stormpath React SDK API Documentation] Documentation][]. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on the conversation in #169 , it seems that our approach of using "local domain vs. remote domain" to automatically determine the token storage strategy is not sufficient (I cannot use a local domain AND use the local storage strategy).
In this PR:
getAccessToken()to fetch it as neededTodos:
/oauth/revokeendpoint needs to be added to express-stormpath, so that logout work : Add support for/oauth/revokeexpress-stormpath#591