2.0.6 • Published 7 years ago
bedrock-consumer v2.0.6
bedrock-consumer
A bedrock library that provides simpler helper methods for authenticating and establishing user sessions and a method to verify and convert a HTTP-posted identity profile to an event-based API to assist implementers of custom processing of credentials. It is not a comprehensive credential consumer application, rather it provides some basic, common capabilities for applications that consume credentials.
This module:
- Provides express middleware for decentralized identity authentication, creating and destroying sessions with an application, and converting a posted identity profile that contains credentials into an event-based API for processing those credentials
- Attaches some user information to session state to assist frontend applications
- Works in conjunction with bedrock-passport to setup default user settings and permissions for non-persistent users that log into an application
Requirements
- npm v3+
Middleware
This module provides some express middleware:
- login - This middleware will attempt to establish an authenticated session for the user that sent the request. Upon success, a status code of 200 and the identity that was authenticated are sent to the client. If the user can't be authenticated, a status code of 400 is returned. See bedrock-passport or bedrock-identity for more information.
- logout - This middleware will destroy any currently authenticated session and return a status code of 204.
- authenticate - This middleware will attempt to authenticate the given decentralized identity by verifying its digital signature and any signatures found on its associated credentials. A status code of 200 and a response body including the authenticated identity and verified credentials is returned to the client on success. If the user cannot be authenticated, a status code of 400 is returned.
- handleCredential - This middleware will attempt to verify the posted
identity profile containg credentials, and on success, will pass them to
bedrock's event API using the custom
bedrock-consumer.credentials.process
event. Any event handlers will be passed event data with the expressrequest
,response
, andnext
middleware handler, as well as theidentity
andverifyResults
. Once all event handlers have executed (or once one of them cancels and takes over the process), a status code of 204 will be returned to the client.