v1.1.0Published 6 years ago

This package has not had recent updates. Please investigate it's current state before committing to using it in your project.

Log in and register password accounts over HTTP

meteor add simple:rest-accounts-password

If you have accounts-password in your app, and you want to be able to use it over HTTP, this is the package for you. Call these APIs to get an access token, and pass that token to API methods you defined with simple:rest to call methods and publications that require login.

Make sure to serve your app over HTTPS if you are using this for login, otherwise people can hijack your passwords. Try the force-ssl package.

POST /users/login, POST /users/register

The login and registration endpoints take the same inputs. Pass an object with the following properties:

  • username
  • email
  • password

password is required, and you must have at least one of username or email.


Both login and registration have the same response format.

1// successful response, with HTTP code 200
3  token: "string",
4  tokenExpires: "ISO encoded date string",
5  id: "user id"
8// error response, with HTTP code 500
10  error: "error-code",
11  reason: "Human readable error string"


After adding this package, API endpoints accept a standard bearer token header (Based on RFC 6750 and OAuth Bearer).

Authorization: Bearer <token>

Here is how you could use Meteor's http package to call a method as a logged in user. Inside the method, the current user can be accessed the exact same way as in a normal method call, through this.userId."/methods/return-five-auth", {
2  headers: { Authorization: "Bearer " + token }
3}, function (err, res) {
4  console.log(; // 5

Change log


  • Add token parsing and auth middleware into the middleware stack
    • This functionality was moved from simple:rest, since it's outside its scope
    • Known issue: Middleware is added on all routes (user should have control over which routes middleware is applied, and at the very least it should be restricted to API routes)
  • Use the latest version of simple:json-routes (1.0.3)


  • Fixed bug where logging into accounts with no email would log into the wrong