Compatibility
Compatible with Meteor 2.4
This repository provides versions for the package simple:rest-accounts-password that are compatible with latest Meteor. This is necessary because the author is not maintaining package anymore.
Changes
- v1.2.2
- v1.2.1
- Update simple:json-routes to 2.3.0
- v1.2.0
api.versionsFrom
onPackage.onUse
was changed from1.1.0.2
to2.4
.
Log in and register password accounts over HTTP
meteor add simple:rest-accounts-password
If you have accounts-password
in your app, and you want to be able to use it over HTTP, this is the package for you. Call these APIs to get an access token, and pass that token to API methods you defined with simple:rest
to call methods and publications that require login.
Make sure to serve your app over HTTPS if you are using this for login, otherwise people can hijack your passwords. Try the force-ssl
package.
POST /users/login, POST /users/register
The login and registration endpoints take the same inputs. Pass an object with the following properties:
username
email
password
password
is required, and you must have at least one of username
or email
.
Responses
Both login and registration have the same response format.
1// successful response, with HTTP code 200 2{ 3 token: "string", 4 tokenExpires: "ISO encoded date string", 5 id: "user id" 6} 7 8// error response, with HTTP code 500 9{ 10 error: "error-code", 11 reason: "Human readable error string" 12}
Authentication
After adding this package, API endpoints accept a standard bearer token header (Based on RFC 6750 and OAuth Bearer).
Authorization: Bearer <token>
Here is how you could use Meteor's http
package to call a method as a logged in user. Inside the method, the current user can be accessed the exact same way as in a normal method call, through this.userId
.
1HTTP.post("/methods/return-five-auth", { 2 headers: { Authorization: "Bearer " + token } 3}, function (err, res) { 4 console.log(res.data); // 5 5});
Change log
1.1.1
- Change order of middleware, and add error middleware
1.1.0
- Add token parsing and auth middleware into the middleware stack
- This functionality was moved from simple:rest, since it's outside its scope
- Known issue: Middleware is added on all routes (user should have control over which routes middleware is applied, and at the very least it should be restricted to API routes)
- Use the latest version of
simple:json-routes
(1.0.3)
1.0.3
- Fixed bug where logging into accounts with no email would log into the wrong
account.