OAuth best practices


robot

Jun 15, 2012, 4:38:31 PM
to res...@googlegroups.com
Sorry in advance if this is a noob question.

I'd like to secure my REST API with OAuth2 or something like it. That means each REST call needs to check the auth token. I would think something like server.pre() could be used for that, otherwise every call needs to interrogate headers, query params, or body for it separately. However, since none of the plugins are run until after routing, this won't work by default.

What are best practices here?  Can I call the plugins manually to parse the request?

-Robot

robot

Jun 15, 2012, 5:01:19 PM
to res...@googlegroups.com
Well, looks like server.use() works, dunno why I didn't try that first.  Told you it was a noob question.

-Robot

Mark Cavage

Jun 15, 2012, 5:12:11 PM
to res...@googlegroups.com
Hi Shane,

Yep - that's how you'd do this. Note the authorization parser only
parses the header, it leaves it to you to do something with it.
There's been a bunch of interest in this - it's somewhere on my list
to just first class this in restify, but not top of the list :\

m
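
The check discussed above, as an added example that is not part of the thread and not restify's own code: a handler in the `(req, res, next)` shape that `server.use()` accepts, which reads the `req.authorization` object the authorization parser fills in and decides whether the request may continue. The token table, `requireBearer`, `lookupToken`, `simulate` and the `req.grant` property are hypothetical names, and the tokens are constructed sample values.

```javascript
// Constructed token table; a real service would query its OAuth2 token store.
const TOKENS = new Map([
  ['tok-read-1', { sub: 'alice', scopes: ['read'], expiresAt: Date.parse('2999-01-01') }],
  ['tok-old-1', { sub: 'bob', scopes: ['read', 'write'], expiresAt: Date.parse('2012-01-01') }],
]);

function lookupToken(token, now) {
  const rec = TOKENS.get(token);
  return rec && rec.expiresAt > now ? rec : null; // unknown or expired -> null
}

// Builds a handler for server.use(), registered after the authorization parser:
//   server.use(requireBearer('read'));
function requireBearer(requiredScope, lookup = lookupToken, clock = Date.now) {
  return function bearerAuth(req, res, next) {
    const deny = (status, error) => {
      res.setHeader('WWW-Authenticate', error ? `Bearer error="${error}"` : 'Bearer');
      res.send(status, { error: error || 'unauthorized' });
      return next(false); // restify stops the handler chain on next(false)
    };
    // The parser fills req.authorization with { scheme, credentials }.
    // Only the header is trusted; query string and body are never consulted.
    const auth = req.authorization || {};
    if (String(auth.scheme).toLowerCase() !== 'bearer' || !auth.credentials) {
      return deny(401, null);
    }
    const grant = lookup(auth.credentials, clock());
    if (!grant) return deny(401, 'invalid_token');
    if (!grant.scopes.includes(requiredScope)) return deny(403, 'insufficient_scope');
    req.grant = { sub: grant.sub, scopes: grant.scopes }; // hypothetical property
    return next();
  };
}

// Drives a handler with minimal stand-ins for restify's req and res objects.
function simulate(handler, authorization) {
  const out = { status: null, headers: {}, next: null, grant: null };
  const req = { authorization };
  const res = {
    setHeader: (name, value) => { out.headers[name] = value; },
    send: (status, body) => { out.status = status; out.body = body; },
  };
  handler(req, res, (arg) => { out.next = arg === false ? 'stop' : 'continue'; });
  out.grant = req.grant || null;
  return out;
}
```

A missing or non-bearer header gets a bare 401 challenge, an unknown or expired token gets 401 `invalid_token`, and a valid token without the required scope gets 403 `insufficient_scope`.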

robot

Jun 15, 2012, 5:47:54 PM
to res...@googlegroups.com
> There's been a bunch of interest in this - it's somewhere on my list to just first class this in restify, but not top of the list :\

I appreciate that... I'm sure you have 9 octrillion things on your plate.  However, I'd like to put in a vote to move up the priority.  Just like your attention to detail on things like making versioning a first class feature, OAuth2 support would add significant value.

Thanks for a great resource.

-Robot 

Gerald Yeo

Mar 2, 2013, 11:05:07 PM
to res...@googlegroups.com
Hi Robot,

I'm also trying to use Restify to create a RESTful server and secure it with OAuth2. Can you help shed some light on how you create a plugin to do that?

Gerald

opensas opensas

Mar 19, 2013, 9:35:53 AM
to res...@googlegroups.com
+1 on this feature (too bad github doesn't allow you to vote for features)