@pupomio/tankbayauthn v1.0.20
#Tankbay Internet Authentication Module
Creates a MySQL token based authentication system allowing multiple authentication backends.
###Token backend
tankbayauthn.authenticate(options)
returns a token which includes a generated token along with user data, encrypted using AES and the configured secret. The token is stored in the database with an expiry date <token_lifetime>
seconds from the time of creation. The function takes a single parameter of a javascript object specifying options.
Configuration of the token backend is via the config.json file.
Example
{
"secret" : "<secret_passphrase>", # Keep this secret!
"token_lifetime": "<token_lifetime>",
"mysql" : {
"host": "<host_name>",
"port": "<port_number>",
"database": "<database_name>",
"table": "<user_table_name>",
"user": "<database_user>",
"password": "<database_password>"
}
}
###Backend Usage
Authentication backend is specified using the type property of the options object. Individual options structure is detailed in the backend specific sections below.
####MySQL
{
"backend_type": "mysql",
"config": {
"host": "<host_name>",
"port": "<port_number>",
"database": "<database_name>",
"table": "<user_table_name>",
"user": "<database_user>",
"password": "<database_password>",
"un_col": "<username_column>", # Optional, default: email
"pw_col": "<password_column>", # Optional, default: password
},
"credentials": {
"username": "<username>",
"password": "<password>"
}
}
Token Generation And Usage
Tokens are generated after a user successfully authenticates against the given backend. The encrypted token can then be presented, validated and revoked by the application to determine access.
Validation
The tankbayauthn.validateToken(token)
function expects a single parameter of an existing encrypted token. The token is checked for validity and if valid will return a javascript object of the users attributes. Revoked tokens will have their expiry set to a date in the past. Invalid tokens will throw a TokenExpiredError
.
Revocation
There are three functions to revoke tokens:
1. tankbayauthn.revokeToken(token)
Revokes the given token.
2. tankbayauthn.revokeTokens(id)
Revokes all tokens for the given user.
3. tankbayauthn.revokeAllTokens()
Revokes all currently valid tokens.
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago