GithubHelp home page GithubHelp logo

sergeycherman / passport-client-cert Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ripjar/passport-client-cert

0.0 1.0 0.0 57 KB

Passport.js strategy for PKI client certificate authentication

License: MIT License

JavaScript 90.71% Shell 9.29%

passport-client-cert's Introduction

passport-client-cert

Build

passport.js strategy for TLS client certificate authentication and authorisation.

passport-client-cert is for TLS connections direct to a Node.js application.

Usage

The strategy constructor requires a verify callback, which will be executed on each authenticated request. It is responsible for checking the validity of the certificate and user authorisation.

Options

  • passReqToCallback - optional. Causes the request object to be supplied to the verify callback as the first parameter.

The verify callback is passed with the client certificate object and a done callback. The done callback must be called as per the passport.js documentation.

var passport = require('passport');
var ClientCertStrategy = require('passport-client-cert').Strategy;

passport.use(new ClientCertStrategy(function(clientCert, done) {
  var cn = clientCert.subject.cn,
      user = null;
      
  // The CN will typically be checked against a database
  if(cn === 'test-cn') {
    user = { name: 'Test User' }
  }
  
  done(null, user);
}));

The verify callback can be supplied with the request object by setting the passReqToCallback option to true, and changing callback arguments accordingly.

passport.use(new ClientCertStrategy({ passReqToCallback: true }, function(req, clientCert, done) {
  var cn = clientCert.subject.cn,
      user = null;
      
  // The CN will typically be checked against a database
  if(cn === 'test-cn') {
    user = { name: 'Test User' }
  }
  
  done(null, user);
}));

Examples

Install and start the example server app:

$ npm install
$ cd example
$ node example-server.js

Submit a request with a client certificate:

$ curl -k --cert certs/joe.crt --key certs/joe.key --cacert certs/ca.crt https://localhost:3443

If curl fails and you are using OSX Mavericks or newer (where support for ad-hoc CA certifcates is broken, try wget instead:

$ wget -qSO - --no-check-certificate --certificate=certs/joe.crt --private-key=certs/joe.key --ca-certificate=certs/ca.crt https://localhost:3443/

Requests submitted with joe.crt are authorised because joe is in the list of valid users. Requests submitted without a certificate, or with bob.crt will fail with a HTTP 401.

Test

$ npm install
$ npm test

Licence

The MIT Licence

passport-client-cert's People

Contributors

joews avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.