- Use `self.apos.root.import` instead of `self.apos.root.require`. `enablePassportStrategies` is now async.
- Adds translation strings.
- Support for making "connections" to secondary accounts. For instance, a user whose primary account login method is email can connect their account to a github account when the appropriate features are active as described in the documentation.
- Accept `scope` either as an `option` of the strategy, or as an `authenticate` property for the strategy, and pass it on to the strategy in both ways, as well as to both the login and callback routes. This allows `passport-github2` to capture the user's private email address correctly, and should help with other differences between strategies as well.
- Back to using upstream `passport-oauth2-refresh` now that our PR has been accepted (thanks).
- More dependency games.
- Depend on a compatible temporary fork of `passport-oauth2-refresh`.
- Introduced the new `retainAccessToken` option, which retains tokens in Apostrophe's "safe" where they can be used for longer than a single Apostrophe session. Please note that `retainAccessTokenInSession` is now deprecated, as it cannot work with Passport 0.6 as found in current Apostrophe 3.x due to upstream changes. See the README for more information about the new approach. You only need this option if you want to call additional APIs of the provider, for instance github APIs for those using `passport-github`.
- Introduced convenience methods to use the access token in such a way that it is automatically refreshed if necessary.
- Corrected a bug that prevented `retainAccessTokenInSession` from working properly. Note that this option can only work with Passport strategies that honor the `passReqToCallback: true` option (passed for you automatically). Strategies derived from `passport-oauth2`, such as `passport-github` and many others, support this and others may as well.
Setting the `retainAccessTokenInSession` option to `true` retains the `accessToken` and `refreshToken` provided by passport in `req.session.accessToken` and `req.session.refreshToken`. Depending on your oauth authentication scope, this makes it possible to carry out API calls on the user's behalf when authenticating with github, gmail, etc. If you need to refresh the access token, you might try the passport-oauth2-refresh module.
Declared stable. No code changes.
Initial release for A3. Tested and working with Google and Okta. Other standard passport modules should also work, especially those based on OpenAuth.