Did you know Node.js is one of the top communities using Stormpath? After many requests, we’re happy to welcome our new server-side JavaScript overlords with the Stormpath Node SDK v.01.
The new SDK helps Node devs build out production-grade user management and launch their applications faster. A few of the common issues with authentication in Node, now solved by the SDK:
- Where user authentication and authorization should live in applications built with a frontend MVC framework (e.g. Angular) and Node on the backend
- Keeping up with crypto advancements is a pain and frameworks aren’t always up-to-date on best practices
- User data should be extendable and not tied to a single app
While we work on a client-side authentication protocol, this release allows JS developers to use Stormpath on the server without being tempted to embed API keys/secrets in the client (don’t do it!).
For newcomers to the blog, Stormpath is a User Management API that reduces development time by offloading your user infrastructure. You own the data, and Stormpath gives you a scalable, secure user store, complete with groups, roles and workflows like password reset.
Stormpath is built to automate user management – no user tables or password hashing required. The Node SDK goes a step further by wrapping REST calls in semantic, asynchronous JavaScript.
Install the Stormpath Node SDK
If you’re already familiar with Stormpath, install the module with: npm install stormpath
|
1 2 |
var stormpath = require('stormpath'); |
Stormpath Node SDK
Register Users
Collect the username (or email) and password and POST to Stormpath to register a new user. All API calls are made over HTTPS, so you don’t have to perform any password security within your app.
The SDK provides easy-to-use JavaScript objects and methods:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
var account = { givenName: 'Jean-Luc', surname: 'Picard', username: 'jlpicard', password: 'Changeme1!' }; createdApp.createAccount(account, function onAccountCreated(err, createdAccount) { if (err) throw err; console.log(createdAccount); }); |
Authenticate Users
Same process as registration; collect the user’s credentials and send them to Stormpath. The SDK logs a success message or human readable error.
|
1 2 3 4 5 6 7 8 9 10 11 |
var authcRequest = { username: 'jlpicard', password 'Changeme1!' }; createdApp.authenticateAccount(authcRequest, function onAuthcResult(err, result) { if (err) throw err; console.log(result.account); }; |
Manage Authorization
Role Based Access Control is built into Stormpath. Better yet, it’s super simple. Creating new Groups, like “Administrators”, is one call:
|
1 2 3 4 5 6 7 |
var group = {name: 'Administrators'} createdApp.createGroup(group, onGroupCreation(err, createdGroup) { if (err) throw err; console.log(createdGroup); }); |
Then, add accounts to your new Group(s):
|
1 2 3 4 5 6 |
group.addAccount(accountOrAccountHref, onMembershipCreated(err, membership) { if (err) throw err; console.log(membership); }); |
Reduce Latency with Caching
The SDK ships with a caching plugin to reduce calls made to our servers. This minimizes network latency and generally makes for happier users.
More
There are lots of goodies that are out of scope here but are worth checking out if you’re new to the Stormpath API.
Coming Soon…
- More-robust Custom Data support for ad-hoc user profiles
- Caching support for Memcached and Redis
- Integration with Express
- Sample apps
Note: Account and Group customData is supported only during account and group creation or updates, directly via the account or group resource. Fully-featured custom data resource objects will be available in the 0.2 release.
Docs
Get started making your own Accounts and Groups with the Quickstart Guide. Full API docs are available for more advanced functionality.
Side Note: We weren’t satisfied with the readability of our API docs generated by existing tools, so we put together an AngularJS app to help. An open source version of that tool is en route for anyone interested.
Feedback
Being a Java team ourselves, we’re excited to see what a young, fast growing community like Node’s has in store.
Do you have suggestions? Requests? Questions? We encourage the GitHub inclined to open an issue on the repo. We’d also love for you to get in touch at [email protected] or on chat (lower right of this page).