Passport strategy for signature authentication.
This module lets you provide signature authentication in your Node.js applications. By plugging into Passport, signature authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware , including Express.
$ npm install passport-signatures
The signature authentication strategy authenticates using a calculated
signature. In this strategy the request sent will include a signature from
specified data that is encryted with a secret key. The server will verify
the signature by recreating the signatue on the server side and matching it
to the request signature. This is the same method used by the
Amazon Web Services Signing Process.
The data that is encrypted should include various data points that is available to the client and that sent through the request and data the server knows about the client. This can include data from the headers, HTTP Method, Client IP Address, the request body, etc. The important not to make is that the server needs recreate the signature that is created to verify the signature sent by the client.
The signature and public key can be passed through any method that you choose . In this example, they are being passed through the header. To see this example live check out in the signature example.
passport.use(new SignatureStrategy({}, function(req, done) {
User.findByPublicKey(req.headers.publickey, function(err, user) {
var signingString;
if (err) { return done(err); }
if (!user) { return done(null, false); }
signingString = req.method + "\n" + req.headers.publickey;
return done(null, user, req.headers.signature, signingString, user.secretKey);
});
}));Use passport.authenticate(), specifying the 'signature' strategy, to
pass authentication of a request. Requests do not require session support,
so the session option can be set to false.
For example, as route middleware in an Express application:
passport.authenticate('signature', { session: false })For a complete, working example, refer to the example.
$ npm install
$ npm test
Copyright (c) 2013 Jonathan Chapman <http://github.com/chafnan>