npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

www-authenticate

v0.6.3

Published

Provides the functionality needed for a client to use HTTP Basic or Digest authentication. Also provides primitives for parsing WWW-Authenticate and Authentication_Info headers.

Downloads

16,758

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

randymizedrandymizedviceiceviceice

Keywords

www-authenticateHTTPdigestauthentication

Readme

www-authenticate Build Status

Not Maintained

www-authenticate is no longer being actively developed and has been archived. You are still welcome to use it but you may want to check for any forks that are more actively maintained. If it is of value to you, you are welcome to fork it or start a new project and incorporate its code into your project.

Documentation

Provides the functionality needed for a client to use HTTP Basic or Digest authentication. Also provides primitives for parsing WWW-Authenticate and Authentication_Info headers.

Parses the content of a WWW-Authenticate header sent by a server. Interpret the authentication challenge posed. Then generate the credentials for Authorization headers for subsequent requests from the server.

  • Supports Basic and Digest authentication schemes.
  • Supports 'auth' quality of protection (qop) and challenges that do not include qop.
  • Supports MD5 and MD5-sess algorithms.
  • Assumes Node.js, but otherwise makes no assumtion about framework.

Limitations

  • Included tests only test Digest scheme against the rfc2617 example.
  • Most of the permutations of qop and algorithm have not been tested.
  • Little real-world testing. That's where you can help! Report any failures or submit a patch that resolves an authentication failure.
  • Will not parse WWW-Authenticate headers that contain more than one challenge. Please send an example of one if you find one in the field or modify the parser to parse it.
  • Does not support auth-int qop, but will use auth qop if server allows either. Support could surely be added in the future.
  • Response to challenges without qop have not been tested.

Getting Started

Install the module with: npm install www-authenticate See examples below.

Examples

Use the high level interface:

var www_authenticate = require('www-authenticate');
var authenticator= www_authenticate.authenticator(username,password);

// Whenever you receive a response, send it to the authenticator.
// The authenticator will parse and record any challenge it contains.
authenticator.get_challenge(response);

//... now, whenever you make a request the authenticator will add an
// authorization header if a challenge has been received...
 var options= {
   method: "GET",
   path: "/dir/index.html"
 }
 authenticator.authenticate_request_options(options);
 if (authenticator.err) throw err;  // or do something similarly drastic
 http.request(options);

Use the low level interface:

var www_authenticate = require('www-authenticate');
var on_www_authenticate= www_authenticate(username,password);

// now wait for HTTP/1.1 401 Unauthorized and then parse the WWW_Authenticate header
var authenticator= on_www_authenticate(response.headers['www-authenticate']);
if (authenticator.err) throw err; // or do something similarly drastic

//... now, whenever you make a request, add an Authorization header:
response.setHeader('authorization', authenticator.authorize('GET',url));

Parse www-authenticate or authentication-info headers:

var parsers = require('www-authenticate').parsers;
var parsed= new parsers.WWW_Authenticate(request.headers['www-authenticate']);
console.log(parsed.scheme);
console.log(parsed.parms.nonce);

var parsed= new parsers.Authentication_Info(request.headers['authentication-info']);
console.log(parsed.parms.nonce);

User credentials:

This module exports a user_credentials function. When called, it returns a user_credentials object that uses the username and password to generate components of an Authentication header without exposing the password. A user_credentials object may be used in place of the username and password arguments.

Without user credentials:

var www_authenticate = require('www-authenticate');
var authenticator= www_authenticate.authenticator(username,password);

With user credentials:

var www_authenticate = require('www-authenticate');
var my_credentials= www_authenticate.user_credentials("Me","My Password");
var authenticator= www_authenticate.authenticator(my_credentials);

In the above example, my_credentials might actually be generated in a separate module and passed around instead of the plain text username and password, making accidental pasword disclosure less likely.

Options:

In the above examples, an option object may be passed in addition to the username and password (or user credentials). The following options are supported:

  • cnonce: provides a string to be used as the cnonce in digest authentication Authorization headers. If this option is not provided, a random cnonce will be generated.
  • sendImmediately: (high level interface only). If this option tests true, an Authorization header will always be produced, even if a WWW-Authenticate header has not been received. Until a WWW-Authenticate header is received, a Basic Authorization header will be generated. Once a WWW-Authenticate header is received, it's challenge will define the content of the Authorization header.

WWW-Authenticate header parser:

This module exports the parser that is used internally to parse a WWW-Authenticate header. Please see the tests for usage examples.

Contributing

In lieu of a formal styleguide, take care to maintain the existing coding style. Add unit tests for any new or changed functionality. Lint and test your code using Grunt.

Release History

  • v0.6.0: Add sendImmediately option. Inspired by request module.
  • v0.5.0: The higher-level interface is now exported directly by the module
  • v0.4.0: Provides a higher-level interface
  • v0.3.0: If password is null, it, and preceding ':' will not be included in hash

License

Copyright (c) 2013 Randy McLaughlin Licensed under the MIT license.