activeauth-sdk v0.0.1
ActiveAuth Node.js SDK
This library signs HTTP requests that are sent to the ActiveAuth REST API. For security reasons, all non-public ActiveAuth endpoints require HTTP requests to be signed with an identity key and a secret key. The library is intentionally responsible only for signing the HTTP requests, so you can use it with whichever Node.js HTTP client you already have in your project.
You can use this library on all versions of Node.js that support the crypto APIs. While you can make it work in the browser as well, it is advisable not to use it client-side because you risk exposing your secret key!
Install
npm i activeauth-sdk
Example usage
import { signRequest } from 'activeauth-sdk';

// Typed as a string map so the authorization header can be added below
const headers: Record<string, string> = {
  'content-type': 'application/json', // required
  date: new Date().toUTCString(), // required
  accept: 'application/json'
};

const httpReqSignature: string = signRequest({
  integrationKey: '#INTEGRATION_KEY#',
  secretKey: '#INTEGRATION_SECRET_KEY#',
  host: 'https://api.activeauth.me',
  method: 'POST',
  path: '/api/v2/users/$USER_ID/devices',
  body: {},
  date: new Date(headers.date), // must be the same Date value as in the headers
});

// you must now add the signature as the `Authorization` header of your HTTP request
headers['authorization'] = httpReqSignature;
It's advisable to integrate the request signing as an interceptor/plugin/extension method in your HTTP client library (request, axios, got etc.), so that signRequest is called in only one place in your codebase.
You can see more example usages in the example folder.
Reference
canonize()
Serializes the metadata of an HTTP request in the following format:
- Date in UTC format
- HTTP method (uppercase)
- Host
- Path
- (empty line)
- sha512(HTTP body)
Example:
Fri, 19 Apr 2019 09:33:58 GMT
POST
example.com
/api/v1/users
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
This method is called internally by signRequest() but it might be useful for testing/debugging/logging purposes.
Accepts a single object as argument with the following properties:
Name | Type | Required | Default | Description |
---|---|---|---|---|
host | string | yes | - | ActiveAuth server hostname |
path | string | no | "" | REST API resource path |
method | string | no | "GET" | HTTP method |
body | object \| string | no | "" | HTTP body |
date | Date | no | new Date() | Time when the HTTP request is sent |
signRequest()
Signs an HTTP request with the following algorithm:
- canonizes the HTTP request
- hashes the result: HMAC_SHA_512(canonized_http_req, secret)
- constructs a Basic Authentication string with the integration key as username and the hash as password
- base64 encodes the result
Accepts a single object as argument with the following properties:
Name | Type | Required | Default | Description |
---|---|---|---|---|
integrationKey | string | yes | - | Integrator integration key or user device ID |
secretKey | string | yes | - | Integrator integration secret key or user device secret key |
host | string | yes | - | ActiveAuth server hostname |
path | string | no | "" | REST API resource path |
method | string | no | "GET" | HTTP method |
body | object \| string | no | "" | HTTP body |
date | Date | no | new Date() | Time when the HTTP request is sent |
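The canonize() and signRequest() steps described above, written out with Node's built-in crypto module, together with a receiver-side check that recomputes the signature and compares it in constant time. This is an added example, not the SDK's own source: the hex encoding of the HMAC, JSON serialization of object bodies, the `Basic ` prefix, the `sign`/`verify`/`bodyToString` names and all sample values are assumptions.

```javascript
// Added illustration of the signing scheme described above; NOT the activeauth-sdk source.
const crypto = require('node:crypto');

// Assumption: object bodies are JSON-serialized before hashing; digests are lowercase hex.
function bodyToString(body) {
  return typeof body === 'string' ? body : JSON.stringify(body);
}

// Date, METHOD, host, path, empty line, sha512(body): the format listed under canonize().
function canonize({ host, path = '', method = 'GET', body = '', date = new Date() }) {
  const bodyHash = crypto.createHash('sha512').update(bodyToString(body)).digest('hex');
  return [date.toUTCString(), method.toUpperCase(), host, path, '', bodyHash].join('\n');
}

// HMAC-SHA-512 over the canonical string, then Basic auth with the key as username.
// Assumption: the header value carries the usual "Basic " scheme prefix.
function sign({ integrationKey, secretKey, ...req }) {
  const mac = crypto.createHmac('sha512', secretKey).update(canonize(req)).digest('hex');
  return 'Basic ' + Buffer.from(`${integrationKey}:${mac}`).toString('base64');
}

// Receiver side: recompute from the request as received and compare in constant time,
// so the comparison does not leak how many leading characters matched.
function verify(authorization, params) {
  const expected = Buffer.from(sign(params));
  const received = Buffer.from(String(authorization));
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Constructed sample values (not real credentials).
const sample = {
  integrationKey: 'EXAMPLE_KEY',
  secretKey: 'EXAMPLE_SECRET',
  host: 'example.com',
  path: '/api/v1/users',
  method: 'post',
  body: '',
  date: new Date('2019-04-19T09:33:58Z'),
};
const header = sign(sample);
console.log(canonize(sample));
console.log(verify(header, sample));                                // true
console.log(verify(header, { ...sample, body: { admin: true } }));  // false: body changed
```

Because the date, method, host, path and body hash are all covered by the HMAC, changing any of them after signing makes verification fail.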
Test
You can run the unit tests with:
npm test