0

I'm using Meteor 1.6 and Restivus v0.8.12 to define a few REST endpoints.

Restivus has only two options for authRequired:

  • true -> auth is required and API function isn't called otherwise
  • false -> authorization isn't performed even if credentials are submitted

I have an endpoint where I'd like authentication to be optional. That is, if they submit their userId and token credentials, then authenticate them as normal and define this.userId. If they don't, then leave this.userId undefined, but still call the action. Is this possible?

The alternatives I'm considering are either defining different endpoints (e.g. GET /record/:recordId/authenticated and GET /record/:recordId/public) or getting the raw Headers from the request and doing the authentication myself.

The first option makes the semantics of the API confusing and will involve duplicating the action function, while the second one re-invents the authentication process (probably poorly, since I'd be writing my own function :-)

Is there a better option available?

Hashcut
  • 833
  • 1
  • 5
  • 19
  • Seems you just make an unauthenticated endpoint then handle the credentials yourself if present. – Michel Floyd Nov 19 '17 at 02:19
  • Yeah, it looks like that's the best option. I can't find a simple function to invoke Restivus's built-in authentication code. I think I'll have to dig through the source code and either find an accessible function or copy the authentication code over. I was just hoping there was a way to avoid that... – Hashcut Nov 19 '17 at 04:50

0 Answers0