{"library":"passport-http-header-token","title":"Passport HTTP Header Token","description":"Passport HTTP Header Token is a Node.js authentication strategy for the Passport.js middleware, designed to authenticate users based on a raw token provided directly in an HTTP header. This strategy, currently at version 1.1.0, was last published in 2016 and has not received updates since, indicating it is an abandoned package. Its simple design requires a `verify` callback to validate the submitted token against a user store. Unlike the more commonly used `passport-http-bearer` strategy, `passport-http-header-token` expects a raw token value in the header rather than parsing a 'Bearer <token>' format, which can lead to confusion if standard RFC 6750 bearer tokens are expected. Due to its unmaintained status, developers should carefully consider potential security implications and evaluate more actively supported alternatives like `passport-http-bearer` or `passport-jwt` for modern applications.","language":"javascript","status":"abandoned","last_verified":"Wed Apr 22","install":{"commands":["npm install passport-http-header-token"],"cli":null},"imports":["const HTTPHeaderTokenStrategy = require('passport-http-header-token').Strategy;","const passport = require('passport');","passport.use(new HTTPHeaderTokenStrategy( /* ... */ ));"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"const express = require('express');\nconst passport = require('passport');\nconst HTTPHeaderTokenStrategy = require('passport-http-header-token').Strategy;\n\nconst app = express();\n\n// Mock User database for demonstration\nconst users = [{\n  id: 1,\n  username: 'testuser',\n  token: 'mysecrettoken123'\n}];\n\npassport.use(new HTTPHeaderTokenStrategy(\n  function(token, done) {\n    // In a real application, you would query your database here\n    // for a user associated with the provided token.\n    console.log(`Attempting to authenticate with token: ${token}`);\n    const user = users.find(u => u.token === token);\n\n    if (!user) {\n      return done(null, false, { message: 'Incorrect token.' });\n    }\n    return done(null, user);\n  }\n));\n\napp.use(passport.initialize());\n\napp.get('/api/protected', \n  passport.authenticate('http-header-token', { session: false, failureMessage: true }),\n  function(req, res) {\n    res.json({ message: `Access granted, user: ${req.user.username}` });\n  }\n);\n\napp.get('/', (req, res) => {\n  res.send('Welcome! Try GET /api/protected with an Authorization header like: Authorization: mysecrettoken123');\n});\n\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log('Test with: curl -H \"Authorization: mysecrettoken123\" http://localhost:3000/api/protected');\n  console.log('Test failure with: curl -H \"Authorization: wrongtoken\" http://localhost:3000/api/protected');\n});","lang":"javascript","description":"Demonstrates how to set up and use `passport-http-header-token` in an Express application to authenticate requests using a token provided in the 'Authorization' header.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}