node-heroku-bouncer 
node-heroku-bouncer is an easy-to-use module for adding Heroku OAuth authentication to Express 4 apps.
Install
$ npm install heroku-bouncer --saveRequirements
- Node 0.10.x
- Express 4.x
Use
Ensure your app is using the cookie-parser and client-sessions middlewares. This module is not guaranteed to work with any other session middleware.
var express = ;var cookieParser = ;var sessions = ;var bouncer = ;var app = ; app; // NOTE: These options are good general options for use in a Heroku app, but// carefully review your own environment's needs before just copying these.app; app; app;After requests pass through the bouncer middleware, they'll have the
heroku-bouncer property on them:
token: 'user-api-token' id : 'user-id' name : 'user-name' email: 'user-email'To log a user out, send them to /auth/heroku/logout.
Options
| Options | Required? | Default | Description |
|---|---|---|---|
encryptionSecret |
Yes | n/a | A random string used to encrypt your user session data |
oAuthClientID |
Yes | n/a | The ID of your Heroku OAuth client |
oAuthClientSecret |
Yes | n/a | The secret of your Heroku OAuth client |
herokuAPIHost |
No | n/a | An optional override host to send Heroku API requests to |
sessionSyncNonce |
No | null |
The name of a nonce cookie to validate sessions against |
ignoredRoutes |
No | [] |
An array of regular expressions to match routes to be ignored when there is no session active |
oAuthServerURL |
No | "https://id.heroku.com" |
The location of the Heroku OAuth server |
herokaiOnlyHandler |
No | null |
A route handler that will be called on requests by non-Herokai |
Test
$ npm test