HTTP Basic and Digest authentication strategies for Passport and Node.js.
jaredhanson/passport-http
HTTP Basic and Digest authentication strategies for Passport.
This module lets you authenticate HTTP requests using the standard basic and digest schemes in your Node.js applications. By plugging into Passport, support for these schemes can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-http
The HTTP Basic authentication strategy authenticates users using a userid and password. The strategy requires a `verify` callback, which accepts these credentials and calls `done` providing a user.
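```javascript
var passport = require('passport');
var BasicStrategy = require('passport-http').BasicStrategy;

// `User` is the application's own user model (not defined here).
passport.use(new BasicStrategy(
  function(userid, password, done) {
    User.findOne({ username: userid }, function (err, user) {
      if (err) { return done(err); }
      // Unknown user and wrong password both fail without an error.
      if (!user) { return done(null, false); }
      if (!user.verifyPassword(password)) { return done(null, false); }
      return done(null, user);
    });
  }
));
```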
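One way to write the `verify` callback so that stored passwords are salted scrypt hashes compared in constant time, and so that only non-secret fields end up in `req.user`. This is an added example, not code from passport-http; the in-memory `users` store, `makeUser`, `hashPassword` and `DUMMY` are hypothetical stand-ins for the `User` model.

```javascript
var crypto = require('crypto');

// Derive a 32-byte key from the password with scrypt and a per-user salt.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Hypothetical user record: stores salt and hash, never the password itself.
function makeUser(username, password) {
  var salt = crypto.randomBytes(16);
  return {
    username: username,
    salt: salt,
    hash: hashPassword(password, salt),
    verifyPassword: function (candidate) {
      // Both buffers are 32 bytes, as timingSafeEqual requires.
      return crypto.timingSafeEqual(hashPassword(candidate, this.salt), this.hash);
    }
  };
}

// Constructed sample data standing in for a database.
var users = { alice: makeUser('alice', 'correct horse') };
// Record with a random password, used only to spend the same work on unknown users.
var DUMMY = makeUser('dummy', crypto.randomBytes(16).toString('hex'));

// Same signature as the verify callback: (userid, password, done).
function verify(userid, password, done) {
  var known = Object.prototype.hasOwnProperty.call(users, userid);
  var user = known ? users[userid] : null;
  // Hash even when the user is unknown so both failure paths cost the same.
  var ok = (user || DUMMY).verifyPassword(String(password));
  if (!user || !ok) { return done(null, false); }
  // Hand Passport only non-secret fields: a route that serializes req.user
  // would otherwise send the salt and hash to the client.
  return done(null, { username: user.username });
}
```

With passport-http installed, the function is passed as `new BasicStrategy(verify)`.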
Use `passport.authenticate()`, specifying the `'basic'` strategy, to authenticate requests. Requests containing an 'Authorization' header do not require session support, so the `session` option can be set to `false`.
For example, as route middleware in an Express application:
```javascript
app.get('/private',
  passport.authenticate('basic', { session: false }),
  function(req, res) {
    res.json(req.user);
  });
```
For a complete, working example, refer to the Basic example.
The HTTP Digest authentication strategy authenticates users using a username and password (aka shared secret). The strategy requires a `secret` callback, which accepts a `username` and calls `done` providing a user and password known to the server. The password is used to compute a hash, and authentication fails if it does not match that contained in the request.
The strategy also accepts an optional `validate` callback, which receives nonce-related `params` that can be further inspected to determine if the request is valid.
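```javascript
var passport = require('passport');
var DigestStrategy = require('passport-http').DigestStrategy;

// `User` is the application's own user model (not defined here).
passport.use(new DigestStrategy({ qop: 'auth' },
  // secret callback: look up the user and the password known to the server
  function(username, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      return done(null, user, user.password);
    });
  },
  // optional validate callback: receives nonce-related params
  function(params, done) {
    // validate nonces as necessary
    done(null, true);
  }
));
```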
Use `passport.authenticate()`, specifying the `'digest'` strategy, to authenticate requests. Requests containing an 'Authorization' header do not require session support, so the `session` option can be set to `false`.
For example, as route middleware in an Express application:
```javascript
app.get('/private',
  passport.authenticate('digest', { session: false }),
  function(req, res) {
    res.json(req.user);
  });
```
For a complete, working example, refer to the Digest example.
Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>