passwordless-memorystore
v0.0.1
Published
In-memory TokenStore for Passwordless
Downloads
43
Maintainers
Readme
Passwordless-MemoryStore
This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details.
Tokens are stored in memory and are hashed and salted using bcryptjs. As such, tokens will not survive a restart of your application. This implementation is mainly meant for example, proof-of-concepts or perhaps unit testing.
Usage
First, install the module:
$ npm install passwordless-memorystore --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = require('passwordless');
var MemoryStore = require('passwordless-memorystore');
passwordless.init(new MemoryStore());
passwordless.addDelivery(
function(tokenToSend, uidToSend, recipient, callback) {
// Send out a token
});
app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());
Initialization
new MemoryStore();
Example:
passwordless.init(new MemoryStore());
Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-memorystore uses bcryptjs with automatically created random salts. To generate the salt 10 rounds are used.
Tests
$ npm test
License
Author
Lloyd Cotten