{"id":18656,"library":"passport-http-custom-bearer","title":"passport-http-custom-bearer","description":"Passport strategy for HTTP Bearer authentication using custom header, body field, or query parameter names (rather than the standard Authorization header). Version 1.0.15 is the latest stable release; the package sees infrequent updates. It forks passport-http-bearer to allow configurable field names like X-APIAuth or api_token. Key differentiator: flexibility for non-standard token placements, commonly used in legacy or custom API gateway setups. Supports Node >=0.4.0 and works with Express/Connect-style middleware.","status":"active","version":"1.0.15","language":"javascript","source_language":"en","source_url":"git://github.com/wwwslinger/passport-http-custom-bearer","tags":["javascript","passport","auth","authn","authentication","authz","authorization","http","bearer"],"install":[{"cmd":"npm install passport-http-custom-bearer","lang":"bash","label":"npm"},{"cmd":"yarn add passport-http-custom-bearer","lang":"bash","label":"yarn"},{"cmd":"pnpm add passport-http-custom-bearer","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Base class for Passport strategies","package":"passport-strategy","optional":false}],"imports":[{"note":"Default export only; named import will return undefined.","wrong":"const { CustomBearerStrategy } = require('passport-http-custom-bearer')","symbol":"default (CustomBearerStrategy)","correct":"import CustomBearerStrategy from 'passport-http-custom-bearer'"},{"note":"The module exports the constructor as default; Strategy is not a named export.","wrong":"import { Strategy } from 'passport-http-custom-bearer'","symbol":"Strategy","correct":"import Strategy from 'passport-http-custom-bearer'"},{"note":"CommonJS require returns the constructor directly, not an object.","wrong":"const { default } = require('passport-http-custom-bearer')","symbol":"require usage","correct":"const CustomBearerStrategy = require('passport-http-custom-bearer')"}],"quickstart":{"code":"import passport from 'passport';\nimport CustomBearerStrategy from 'passport-http-custom-bearer';\n\npassport.use('api-bearer', new CustomBearerStrategy(\n  {\n    headerName: 'APIAuth',\n    bodyName: 'api_token',\n    queryName: 'api_token'\n  },\n  (token, done) => {\n    // Replace with actual user lookup\n    if (token === 'valid-token') {\n      return done(null, { id: 1, name: 'John' }, { scope: 'read' });\n    }\n    return done(null, false);\n  }\n));\n\n// Express route example\nimport express from 'express';\nconst app = express();\napp.get('/profile', passport.authenticate('api-bearer', { session: false }), (req, res) => {\n  res.json(req.user);\n});","lang":"typescript","description":"Configures CustomBearerStrategy with custom header/body/query field names and uses it in an Express route."},"warnings":[{"fix":"If you want an exact header name without prefix, set headerName to include 'X-' yourself or use a workaround.","message":"The `headerName` option automatically prepends 'X-' prefix. For example, setting `headerName: 'APIAuth'` expects header `X-APIAuth`.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always specify a custom name like 'api-bearer' to avoid confusion.","message":"The default strategy name is 'custom-bearer'. In some documentation it's referred to as 'bearer'.","severity":"deprecated","affected_versions":">=1.0.0"},{"fix":"Use passport.authenticate with a custom callback and delete req.query[info.queryName] or req.body[info.bodyName].","message":"The strategy does not automatically strip the token from query or body after authentication. You must manually delete it in a custom callback if needed.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use Passport 0.6.x or test with newer versions carefully.","message":"Passport 0.7+ changed the internal callback signature. This strategy may not work with Passport >=0.7 without adaptation.","severity":"breaking","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Use `import CustomBearerStrategy from 'passport-http-custom-bearer'` (no curly braces).","cause":"Using named import instead of default import in ESM.","error":"TypeError: CustomBearerStrategy is not a constructor"},{"fix":"Run `npm install passport-http-custom-bearer` and verify package.json.","cause":"Module not installed or typo in package name.","error":"Cannot find module 'passport-http-custom-bearer'"},{"fix":"Ensure client sends token in the expected header (e.g., X-APIAuth), body field (api_token), or query parameter (api_token).","cause":"Token not found because custom header/field name is not being sent by client.","error":"UnauthorizedError: No auth token"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}