1.0.8 • Published 6 years ago

@tdewolff/auth v1.0.8

Weekly downloads
2
License
ISC
Repository
github
Last release
6 years ago

Auth

Auth is a package that provides OAuth endpoints for social logins and issues a JWT to be used for subsequent API calls.

Supported:

  • Google
  • Facebook
  • GitHub

Security

Client - front-end web application, ie. the browser that the user controls Server - our API server that requires authentications for its endpoints Provider - the OAuth2 service that provides us with authorization to the user's data

CSRF

In order to prevent CSRF, or at least mitigate it, a few measures have been implemented.

  • Using proper CORS headers we prevent API requests from other websites using browsers (does not prevent native apps from making requests).
  • By checking both the Origin header and the Referrer header, making sure it is the same as the server's host. This prevents users from being redirected into a POST action from another website.

License

Released under the MIT license.

@infinitebrahmanuniverse/nolb-_td@everything-registry/sub-chunk-898
1.0.8

6 years ago

1.0.7

6 years ago

1.0.6

7 years ago

1.0.5

7 years ago

1.0.4

7 years ago

1.0.3

7 years ago

1.0.2

7 years ago

1.0.1

7 years ago

1.0.0

7 years ago