@pupomio/tankbayauthn v1.0.20

#Tankbay Internet Authentication Module

Creates a MySQL token based authentication system allowing multiple authentication backends.

###Token backend tankbayauthn.authenticate(options) returns a token which includes a generated token along with user data, encrypted using AES and the configured secret. The token is stored in the database with an expiry date <token_lifetime> seconds from the time of creation. The function takes a single parameter of a javascript object specifying options.

Configuration of the token backend is via the config.json file.

Example

{
  "secret" : "<secret_passphrase>", # Keep this secret!
  "token_lifetime": "<token_lifetime>",
  "mysql" : {
    "host": "<host_name>",
    "port": "<port_number>",
    "database": "<database_name>",
    "table": "<user_table_name>",
    "user": "<database_user>",
    "password": "<database_password>"
  }
}

###Backend Usage

Authentication backend is specified using the type property of the options object. Individual options structure is detailed in the backend specific sections below.

####MySQL

{
        "backend_type": "mysql",
        "config": {
		    "host": "<host_name>",
		    "port": "<port_number>",
		    "database": "<database_name>",
		    "table": "<user_table_name>",
		    "user": "<database_user>",
		    "password": "<database_password>",
		    "un_col": "<username_column>", # Optional, default: email
		    "pw_col": "<password_column>", # Optional, default: password
		},
        "credentials": {
            "username": "<username>",
            "password": "<password>"
        }
    }

Token Generation And Usage

Tokens are generated after a user successfully authenticates against the given backend. The encrypted token can then be presented, validated and revoked by the application to determine access.

Validation

The tankbayauthn.validateToken(token) function expects a single parameter of an existing encrypted token. The token is checked for validity and if valid will return a javascript object of the users attributes. Revoked tokens will have their expiry set to a date in the past. Invalid tokens will throw a TokenExpiredError.

Revocation

There are three functions to revoke tokens: 1. tankbayauthn.revokeToken(token) Revokes the given token. 2. tankbayauthn.revokeTokens(id) Revokes all tokens for the given user. 3. tankbayauthn.revokeAllTokens() Revokes all currently valid tokens.