1.0.1 • Published 9 years ago

virgil-passwordless v1.0.1

Weekly downloads
1
License
BSD
Repository
github
Last release
9 years ago

Passwordless auth for node applications

This module provides simple passwordless auth service using Virgil Public Keys infrastructure.

Installation

npm install virgil-passwordless

Usage

Initialize service

var VirgilPasswordless = require('virgil-passwordless');
var appToken = '1b79865e30978ec2ec9a83a44916b0a5';
var passwordless = new VirgilPasswordless(appToken);

Generate encrypted auth handshake token for email

var userEmail = 'user@example.com';
passwordless.generateToken(userEmail, function afterTokenGenerated (err, payload) {
	// payload = {
	//     encrypted_token: '91v2j39182jd39182jd1323c8j23c49...',
	//     public_key_id: 'vj32r-23e3ev-cece3-23gvc-423v'
	// }
});

What's inside

  1. Using given email retrive public key from Virgil public keys service
  2. Generate random token token and encrypt it using retrived public key
  3. Store token in local storage (memory or custom storage passed to constructor)
  4. Schedule token expiration (default timeout is 120 seconds)

Possible errors

ErrorCode
Public key lookup error1
Storage set error2

Verify decrypted token retrieved from the client

passwordless.verifyToken(userEmail, decryptedToken, function afterVerification (err) {
	// if err is null then verification was successfully passed
});

What's inside

  1. Pick original token from storage
  2. Compare origin token and decryptedToken passed to function
  3. Remove token from storage (even in case if compare failure)

Possible errors

ErrorCode
Storage get error3
Token not found4
Tokens not match5
Storage unset error6

Custom store for tokens

You can use custom store for tokens

new VirgilPasswordless(appToken, {
	store: customStore
});

Store should implement node-style callbacks based interface, example of implementation:

var store = {
	cache: {},
	get: function get (key, cb) {
		cb(null, cache[key]);
	},
	set: function set (key, value, cb) {
		this.cache[key] = value;
		cb(null);
	},
	unset: function unset (key, cb) {
		delete this.cache[key];
		cb(null);
	}
};

Token expire time

You can specify token expire time in ms

new VirgilPasswordless(appToken, {
	expireTimeout: 60000 // ms
});

License

BSD 3-Clause. See LICENSE for details.

Contacts

Email: support@virgilsecurity.com