passport-client-certificate
v0.1.1
Published
Passport middleware for client certificate authentication
Downloads
119
Readme
passport-client-certificate
Passport strategy for authenticating using client certificates.
This module lets you authenticate using client certificates in Node.js applications. Client certificate authentication can be added any application or framework that supports Connect-style middleware, including Express. Optionally, using koa-passport it can be integrated into Koa
Install
$ npm install passport-client-certificate
Usage
Configure Strategy
The client cert authentication strategy authenticates requests based on the client certificate credentials submitted in the TLS handshake
Applications must supply a verify
callback which accepts the client
certificate. It then calls the done
callback supplying a
user
. User should be set to false
if the credentials are not valid. If
an exception occured, err
should be set.
Options:
- passReqToCallback
when true
, req
is the first argument to the
verify callback (default: false
)
Examples:
passport.use(new ClientCertStrategy(
function (certificate, done) {
if (!config.auth.client_certificates_enabled) {
return done(new UnauthorizedError('Unsupported authentication method'))
}
const fingerprint = clientCert.fingerprint.toUpperCase()
Account.findByFingerprint(fingerprint)
.then(function (userObj) {
if (!userObj || userObj.is_disabled || userObj.fingerprint !== fingerprint) {
return done(new UnauthorizedError('Unknown or invalid account'))
}
done(null, userObj)
})
}))
Authenticate Requests
Use passport.authenticate()
, specifying the 'client-cert'
strategy, to
authenticate requests.
For example, as route middleware in an Express application:
app.post('/login',
passport.authenticate('client-cert', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
});
Tests
$ npm install
$ npm test
Credits
Setting up certificates for the test application is based on https://github.com/anders94/https-authorized-clients/.