passport-gitlab-ssh

Passport strategy for authenticating with SSH keys and gitlab's public user keys used via JWT to authenticate requests.

This module lets you authenticate using GitLab in your Node.js applications. By plugging into Passport, GitLab authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-gitlab-ssh

How it Works

Say you've got SSH access to gitlab, eg, you can run ssh [email protected] and it will respond with my user ID. And you'd like to be able to make a HTTPS request to your-server.com, passing some secret from gitlab.com, so your server knows you're trusted.

This middleware allows you to validate requests signed using your private key.

The example client (docs/example-client.js) will:

• ssh into gitlab to discover the username
• generate a JWT claiming which user I am
• sign the JWT using my private key

And this server middleware will:

• recieve the request claiming which user it was
• get the user's pubkey from gitlab.com/users/myuser.key
• verifies the JWT was signed by that user's private key, using the pubkey provided by gitlab

Configure Strategy

passport.use(new GitLabSshStrategy({},
  function(user, done) {
    done(user);
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'gitlab-ssh' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/secure', passport.authenticate('gitlab-ssh'));

FAQ

How do I use my own GitLab instance rather than gitlab.com?

Passport-GitLab automatically uses GitLab.com as authentication endpoint when not configured otherwise. You can use the baseURL parameter to point to any other GitLab instance as following:

new GitLabSshStrategy({
  baseURL: "https://gitlab.example.com/"
}), ...)

License

The MIT License