This repository has been archived by the owner on Jun 19, 2023. It is now read-only.

Auth

Authentication and authorization through the Meetup API is part of every web platform application, and is handled invisibly by the platform server - the consumer apps do not need to know anything about how their API requests are authenticated. It is a cookie-based auth system, so the server is responsible for reading and writing the relevant cookies from/to the browser client with every request.

Overview

Once the 'mwp-auth' scheme is registered with the server, it must be applied as a server.auth.strategy, which happens when the server starts in the server function of the mwp-app-server package.

The 'mwp-auth' scheme provides an authenticate function that reads auth info from each request and supplies fallback values when necessary.

Once processed by mwp-auth, the request will have auth credentials stored in request.auth.credentials:

{
  "memberCookie": string,
  "csrfToken": string
}

These values can be used when making API requests - the CSRF token must be supplied as a MEETUP_CSRF cookie as well as a csrf-token header, and the member cookie string must be supplied as a MEETUP_MEMBER cookie.
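The header construction described above, as an added example that is not code from the mwp packages: it builds the outbound `cookie` and `csrf-token` headers from `request.auth.credentials` and refuses values that could break out of a cookie pair or header line. The helper names, the sample values and the receiver-side comparison in `csrfPairMatches` are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of the mwp auth plugin.
// Characters that would let a value escape its cookie pair or header line.
const UNSAFE = /[\r\n;]/;

function assertSafe(name, value) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new TypeError(`${name} must be a non-empty string`);
  }
  if (UNSAFE.test(value)) {
    throw new Error(`${name} contains a character not allowed in a cookie value`);
  }
  return value;
}

// Build outbound API request headers from request.auth.credentials.
function buildApiAuthHeaders(credentials) {
  const memberCookie = assertSafe('memberCookie', credentials && credentials.memberCookie);
  const csrfToken = assertSafe('csrfToken', credentials && credentials.csrfToken);
  return {
    cookie: `MEETUP_MEMBER=${memberCookie}; MEETUP_CSRF=${csrfToken}`,
    'csrf-token': csrfToken,
  };
}

// Parse a Cookie header into a name -> value map (splits on the first '=' only).
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const pair of String(header || '').split(';')) {
    const idx = pair.indexOf('=');
    if (idx === -1) continue;
    jar[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim();
  }
  return jar;
}

// Assumed receiver-side check: the header token must equal the cookie token.
function csrfPairMatches(headers) {
  const cookieToken = parseCookieHeader(headers.cookie).MEETUP_CSRF;
  const headerToken = headers['csrf-token'];
  return typeof cookieToken === 'string' && cookieToken.length > 0 && cookieToken === headerToken;
}

// Constructed sample values, not real Meetup cookies.
const sampleCredentials = { memberCookie: 'id=0&status=1', csrfToken: 'constructed-csrf-token' };
const sampleHeaders = buildApiAuthHeaders(sampleCredentials);
console.log(sampleHeaders, csrfPairMatches(sampleHeaders));
```

A mismatch between the `MEETUP_CSRF` cookie and the `csrf-token` header is the condition worth logging on the receiving side, since a cross-site request can carry the cookie but cannot set the header.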