passport-client-cert
passport.js strategy for TLS client certificate authentication and authorisation.
passport-client-cert is for TLS connections direct to a Node.js application.
Usage
The strategy constructor requires a verify callback, which will be executed on each authenticated request. It is responsible for checking the validity of the certificate and user authorisation.
Options
passReqToCallback- optional. Causes the request object to be supplied to the verify callback as the first parameter.
The verify callback is passed with the client certificate object and a done callback. The done callback must be called as per the passport.js documentation.
var passport = ;var ClientCertStrategy = Strategy; passport;The verify callback can be supplied with the request object by setting the passReqToCallback option to true, and changing callback arguments accordingly.
passport;Examples
Install and start the example server app:
$ npm install
$ cd example
$ node example-server.js
Submit a request with a client certificate:
$ curl -k --cert certs/joe.crt --key certs/joe.key --cacert certs/ca.crt https://localhost:3443
If curl fails and you are using OSX Mavericks or newer (where support for ad-hoc CA certifcates is broken, try wget instead:
$ wget -qSO - --no-check-certificate --certificate=certs/joe.crt --private-key=certs/joe.key --ca-certificate=certs/ca.crt https://localhost:3443/
Requests submitted with joe.crt are authorised because joe is in the list of valid users. Requests submitted without a certificate, or with bob.crt will fail with a HTTP 401.
Test
$ npm install
$ npm test