passport-signatures

0.0.2 • Public • Published

passport-signatures

Build Status Dependency Status

Passport strategy for signature authentication.

This module lets you provide signature authentication in your Node.js applications. By plugging into Passport, signature authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware , including Express.

Install

$ npm install passport-signatures

About Strategy

The signature authentication strategy authenticates using a calculated signature. In this strategy the request sent will include a signature from specified data that is encryted with a secret key. The server will verify the signature by recreating the signatue on the server side and matching it to the request signature. This is the same method used by the Amazon Web Services Signing Process.

The data that is encrypted should include various data points that is available to the client and that sent through the request and data the server knows about the client. This can include data from the headers, HTTP Method, Client IP Address, the request body, etc. The important not to make is that the server needs recreate the signature that is created to verify the signature sent by the client.

Usage

Configure Strategy

The signature and public key can be passed through any method that you choose . In this example, they are being passed through the header. To see this example live check out in the signature example.

passport.use(new SignatureStrategy({}, function(req, done) {
    User.findByPublicKey(req.headers.publickey, function(err, user) {
      var signingString;
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      signingString = req.method + "\n" + req.headers.publickey;
      return done(null, user, req.headers.signature, signingString, user.secretKey);
    });
  }));

Authenticate Requests

Use passport.authenticate(), specifying the 'signature' strategy, to pass authentication of a request. Requests do not require session support, so the session option can be set to false.

For example, as route middleware in an Express application:

passport.authenticate('signature', { session: false })

Examples

For a complete, working example, refer to the example.

Tests

$ npm install
$ npm test

Credits

License

The MIT License

Copyright (c) 2013 Jonathan Chapman <http://github.com/chafnan>

Readme

Keywords

none

Package Sidebar

Install

npm i passport-signatures

Weekly Downloads

9

Version

0.0.2

License

none

Last publish

Collaborators

  • chafnan