Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.
Also improve 404 error messages to include the model name.
Allow convenient URLs for curl and browsers such as:
- http://some-long-token@localhost:3000/
- http://token:some-long-token@localhost:3000/
Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.
Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
Make `loopback.rest` self-contained, so that authentication works
out of the box.
var app = loopback();
app.enableAuth();
app.use(loopback.rest());
Note that cookie parsing middleware is not added, users have to
explicitly configure that if they want to store access tokens
in cookies.
Modify `loopback.token` to skip token lookup when the request already
contains `accessToken` property. This is in line with other
connect-based middleware like `cookieParser` or `json`.
Raymond Feng
Ron Edgecomb
Ryan Graham
Rob Halff
Miroslav Bajtoš
Karl Mikkelsen
Ritchie Martori