It’s been slightly more than a year since we released our Express integration, and in that time we’ve refined our approach toward web framework integrations. While Express was our first step in the framework space, we always had a big vision: enabling Stormpath to seamlessly work with all the great web frameworks that exist today.

During the last year we’ve listened to your feedback and incorporated it into the big V2 release of Express-Stormpath. In this post we’ll talk about what we learned and what is new in the library.

Easy Integration with Angular

Developers want to use Stormpath in their front-end applications. We knew this, but as soon as we released our Express library we had a torrent of requests for Express + Angular. This is natural, as Express is the server-franca of most “full-stack” projects that incorporate a rich client with a data back-end.

Angular is by far the most-requested framework, followed by React. As such we decided to make Angular our first foray into the space, and we’ve been iterating our Stormpath Angular SDK since early this year.

The previous version of Express-Stormpath was difficult to integrate with Angular, but V2 of Express-Stormpath now has full JSON support, making it incredibly easy to use with Angular. We’ve updated our Stormpath Angular SDK to be compatible with V2.

Please note that the Stormpath Express SDK will be deprecated in favor of V2 of Express-Stormpath. The Stormpath Express SDK was an MVP of our back- end support for Angular, but now it’s being merged with Express-Stormpath to prevent feature duplication. We’ve had many successful migrations in that last month, please reach out if you have any questions.

Thinking Forward to Future Frameworks

We knew that we wanted to consolidate these libraries, but we also wanted to think forward: Angular is not the only front-end framework that we’ll be supporting (hand wave, React!). As we planned this new version, we wanted to ensure that the design would be generic enough to support many front-end frameworks. This prompted us to sit down and outline the specifics of how a
front-end library should integrate with our server-side libraries.

From this we developed the Stormpath Framework Spec, a collection of documents which outline all the specifics of how these libraries should integrate over HTTP. This spec is framework and language agnostic. As we bring more libraries and languages online, we want everything to be inter-operable. All the things! It was a lot of work around the big table, but this was my favorite part of the project.

Simplified Configuration

The framework spec drove another cleanup: how we define configuration for the integration. We scoped this a bit larger than just the framework and cleaned up our SDK client configuration as well. This is now being defined by the Stormpath SDK Spec.

What does this mean for your Express app? It means that you can turn on all the common features for a traditional website with a simple option:

{ website: true }

There are many other ways in which you can define the authentication behavior of your app, please see the Express Configuration Documentation for full information.

We’ve also added some really great features to the Registration Configuration, allowing you to define your registration form with a simple configuration object. We also take custom properties and put them in the custom data object for you, automatically.

OAuth2 Authentication

We recently added support for the password grant flow into our API. This allows you to generate OAuth2 access tokens for your users, complete with refresh tokens. We manage these tokens for you, allowing you to an account’s tokens and revoke them if needed.

Our Express integration is now leveraging these tokens. When a user logs into your application, we exchange their login credentials for these tokens and store them as HTTPS-only cookies in the browser. This effectively gives you sessions-as-a-service, win!

Same Features, Better Source

We’ve kept the features that you’ve come to love, such as the loginRequired middleware and the post-registration handlers. Behind the scenes we’ve made the code much more readable, making it easier to see how the underlying Node SDK is used. We found that many developers were using the Express-Stormpath source as a guide for writing their own customized middleware handlers, so we paid extra attention to the code quality in this release.

We’re Here to Help

As always, we want your Express application to be amazing. We’ve designed this upgrade to be as painless as possible. Please see the Upgrade Guide for assistance

Should you need any extra help, we’re always available on support – so hit us up!