I have implemented passport-local strategy and passport-bearer strategy.
When a user logs in with username/password credentials, I generate a JSON Web Token, which is returned to the requester. On each request I get access_token from the query, decode this token from JWT to an object, and do the bearer authorization implemented in /api/policies. And all auth works fine.
But when I provide this access_token to a RESTful route, i.e. user, I get an empty array.
The problem is that Sails accepts access_token as criteria.
Example:
GET /user ## Forbidden
GET /user?access_token=<token> ## Empty array
How can I disable or fix it?
You would probably be better off sending your access token in a header than in the URL. But if what you're asking is how to blacklist a certain property from being used as criteria in a blueprint route, it can be done in the following way in your config/routes.js file:
This will override the default blacklist, so you may want to include those defaults in your custom array:
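Added example, not part of the original answer or of Sails itself: a policy sketch for the header approach recommended above. It reads the token from the Authorization header, accepts the query parameter only as a fallback, and removes access_token from req.query. It assumes the blueprint builds its criteria from req.query after policies have run; verifyToken is a hypothetical stand-in for the JWT check described in the question.

```javascript
// Added example. extractBearerToken, bearerPolicy and verifyToken are
// hypothetical names, not part of Sails or passport.

// Return the bearer token, preferring the Authorization header over the URL.
function extractBearerToken(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim());
  if (match) return match[1];

  // Fallback for older clients that still send ?access_token=...
  // A repeated parameter arrives as an array and is rejected here.
  const q = req.query && req.query.access_token;
  return typeof q === 'string' && q.length > 0 ? q : null;
}

// Build a policy with the usual (req, res, next) signature.
// verifyToken(token) must return the user object, or null/throw on failure.
function bearerPolicy(verifyToken) {
  return function (req, res, next) {
    const token = extractBearerToken(req);

    // Strip the token from the query in every case, so that later code
    // turning query parameters into find criteria never sees it
    // (assumption: criteria are derived from req.query after this runs).
    if (req.query) delete req.query.access_token;

    if (!token) return res.forbidden('Missing access token');

    let user = null;
    try {
      user = verifyToken(token);
    } catch (err) {
      user = null; // expired, malformed or badly signed token
    }
    if (!user) return res.forbidden('Invalid access token');

    req.user = user;
    return next();
  };
}
```

Tokens sent in a header also stay out of access logs, browser history and Referer headers, which record the full URL.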