Install
npm i passport-pasetoUsage
LocalPasetoStrategy (symmetric key)
const app = fastify();
// Must have due to @fastify/passport depends on @fastify/flash
app.register(fastifySession, {
secret: "secret with minimum length of 32 characters",
});
app.register(fastifyPassport.initialize());
const key = await V3.generateKey("local");
const token = await V3.encrypt(
{
username: "test",
},
key,
{
expiresIn: "99999999s",
}
);
fastifyPassport.use(
"local-paseto",
new LocalPasetoStrategy(
{
getToken: fromAuthBearer(),
key,
version: "V3",
},
(payload, done) => {
done(null, { username: "username_test" });
}
)
);
app.get(
"/test/bearer",
{
preValidation: fastifyPassport.authenticate("local-paseto", {
authInfo: false,
session: false,
}),
},
async function (req, reply) {
reply.send();
}
);
app.listen();LocalPasetoStrategy(options: LocalPasetoStrategyOptions, verify);
LocalPasetoStrategyOptions:
-
key:<KeyObject>The secret key to decrypt with. Alternatively a'k3.local.[data]'PASERK string or any input that works forcrypto.createSecretKey(). -
passReqToCallback:<boolean>defaultfalse. -
getToken:<Function>(...args) => (req) => string-
fromHeader: extract token from header defaultX-Paseto-Token. -
fromAuthBearer: extract token from Authorization Bearer. -
fromAuthScheme: extract token from Authorization, e.g. Basic, Digest ... -
fromBody: extract token from request body. -
fromQuery: extract token from request query.
-
- version:
V1|V3 -
consumeOptions:<Object>-
assertion:<string>|<Buffer>PASETO Implicit Assertion -
audience:<string>Expected audience value. An exact match must be found in the payload. -
clockTolerance:<string>Clock Tolerance for comparing timestamps, provided as timespan string e.g.120s,2 minutes, etc. Default: no clock tolerance -
complete:<Boolean>When false only the parsed payload is returned, otherwise an object with a parsed payload and footer (as a Buffer) will be returned. Default: 'false' -
ignoreExp:<Boolean>When true will not be validating the "exp" claim value to be in the future from now. Default: 'false' -
ignoreIat:<Boolean>When true will not be validating the "iat" claim value to be in the past from now. Default: 'false' -
ignoreNbf:<Boolean>When true will not be validating the "nbf" claim value to be in the past from now. Default: 'false' -
issuer:<string>Expected issuer value. An exact match must be found in the payload. -
maxTokenAge:<string>When provided the payload is checked to have the "iat" claim and its value is validated not to be older than the provided timespan string e.g.30m,24 hours. -
now:<Date>Date object to be used instead of the current unix epoch timestamp. Default: 'new Date()' -
subject:<string>Expected subject value. An exact match must be found in the payload.
-
Verify callback ([req], payload, next) => void
PublicPasetoStrategy(options: PublicPasetoStrategyOptions, verify)
PublicPasetoStrategyOptions:
- version:
V1|V2|V3|V4
const fastifyPassport = require("@fastify/passport");
const { LocalPasetoStrategy, fromAuthBearer } = require("passport-paseto");
const { V3 } = require("paseto");
const { secretKey, publicKey } = await V3.generateKey("public", {
format: "paserk",
});
const token = await V3.sign(
{
username: "test",
},
secretKey,
{
expiresIn: "99999999s",
}
);
fastifyPassport.use(
"public-paseto",
new PublicPasetoStrategy(
{
getToken: fromAuthBearer(),
publicKey,
version: "V3", //default V4
},
(payload, done) => {
done(null, { username: "username_test" });
}
)
);
app.get(
"/test/bearer",
{
preValidation: fastifyPassport.authenticate("public-paseto", {
authInfo: false,
session: false,
}),
},
async function (req, reply) {
reply.send();
}
);Tests
npm i
npm testNote Bene
Only test with Fastify.