Authentication and authorization through the Meetup API is part of every web platform application, and is handled invisibly by the platform server - the consumer apps do not need to know anything about how their API requests are authenticated. It is a cookie-based auth system, so the server is responsible for reading and writing the relevant cookies from/to the browser client with every request.
Once the 'mwp-auth'
scheme is registered with the server, it must be applied
as a server.auth.strategy
, which happens when the server starts in the
server
function of the mwp-app-server
package.
The 'mwp-auth'
scheme provides an authenticate
function that reads auth info
from each request and supplies fallback values when necessary.
Once processed by mwp-auth
, the request will have auth credentials stored in
request.auth.credentials
:
{
"memberCookie": string,
"csrfToken": string
}
These values can be used when making API requests - the CSRF token must be
supplied as a MEETUP_CSRF
cookie as well as a csrf-token
header, and the
member cookie string must be supplied as a MEETUP_MEMBER
cookie.