Passwordless auth for node applications
This module provides simple passwordless auth middleware for Express, using the Virgil Public Keys service and backed by virgil-passwordless.
Installation
```sh
npm install express-virgil-passwordless
```
Usage
express-virgil-passwordless expects to fetch its params from `req.body`, so some kind of request body parsing middleware should be applied before it:

```js
var app = require('express')();
var bodyParser = require('body-parser');
var session = require('express-session');
var virgilPasswordless = require('express-virgil-passwordless');

app.use(bodyParser.json());                      // body parser must come before the auth middleware
app.use(session({ /* session options */ }));
app.use(virgilPasswordless({ /* options: see virgil-passwordless */ }));
```
Client-side auth flow
- Client sends email to the server's auth endpoint (in this example `/auth`)

Request:

```
POST /auth
{
  "email": "user-email@example.com"
}
```

- Server finds the user's public key at the Virgil Public Keys service
- Server encrypts a random token with the user's public key
- Server sends the encrypted token back to the user

Response:

```json
{
  "public_key_id": "1c2j83-c312c3-qwcec2-cercwer",
  "encrypted_token": "BASE64 encoded encrypted token"
}
```

- Client decrypts the token with the corresponding private key and sends it back to the server

Request:

```json
{
  "email": "user-email@example.com",
  "decrypted_token": "decrypted token string"
}
```

- Server verifies that the decrypted token is valid for the given email
- If the token is valid, the server creates a user session
- If the token isn't valid, the server responds with an error

Response:

custom response from `success` callback
How does passwordless auth work
If the client already has keys registered in the Virgil Public Keys Service
- User inputs email into the login form
- Client sends the email address to the web app's auth endpoint
- Web app finds the public key at the Virgil Public Keys service using the given email as search criteria
- Web app generates a random token, encrypts it using the client's public key and sends it back to the client
- Client decrypts the token and sends it back to the web app
- Web app matches the decrypted token with its original value and calls the session initiation callback if everything is ok
If the client doesn't have keys registered in the Virgil Public Keys Service
- User inputs email into the login form
- Client generates a key pair and registers the public key at the Virgil Public Keys service using the given email
- User enters the confirmation code from the email
- Client sends the confirmation to the Virgil Public Keys service
- Client sends the email address to the web app's auth endpoint
- Web app finds the public key at the Virgil Public Keys Service using the given email as search criteria
- Web app generates a random token, encrypts it using the client's public key and sends it back to the client
- Client decrypts the token and sends it back to the web app
- Web app matches the decrypted token with its original value and calls the session initiation callback if everything is ok
Custom store for tokens
It's possible to specify a custom store for tokens.
The store should implement a node-style, callback-based interface. Example implementation:

```js
// Method names below are illustrative; see virgil-passwordless for the exact store interface.
var store = {
  cache: {},
  get: function (key, callback) { callback(null, this.cache[key]); },
  set: function (key, value, callback) { this.cache[key] = value; callback(); },
  del: function (key, callback) { delete this.cache[key]; callback(); }
};
```
Token expire time
Specify the token expiry time in milliseconds.
Error handling
For error details, see virgil-passwordless.
License
BSD 3-Clause. See LICENSE for details.
Contacts
Email: support@virgilsecurity.com