Treehouse authentication
Authentication module written in TypeScript providing authentication utilities and JWT methods.
Installation
Install via npm
npm install tree-house-authentication
or via yarn
yarn add tree-house-authentication
Usage
const authenticator = require('tree-house-authentication');
JWT
Configuration
// Example secret only; load the real value from configuration, not from source code.
const jwtSettings = {
  algorithm: 'HS256',
  expiresIn: '7d',
  audience: 'TREEHOUSE-AUTH',
  issuer: 'treehouse-authentication',
  secretOrKey: '5kZxE|gZu1ODB183s772)/3:l_#5hU3Gn5O|2ux3&lhN@LQ6g+"i$zqB_C<6',
};
You can find all possible configuration options on GitHub: node-jsonwebtoken
createJwt(payload, jwtSettings)
Returns a JSON Web Token with the provided payload and configuration. (Asynchronous)
authenticateJwt(token, jwtSettings)
Returns the decoded JWT when the provided token is still valid. (Asynchronous)
decodeJwt(token)
Returns a decoded JSON Web Token. This does not validate the token. (Synchronous)
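Why the output of a decode-only call must not drive authorization decisions, shown as an added example (not code from tree-house-authentication). It is a self-contained HS256 sketch using only Node's crypto module; signHs256, decodeOnly, verifyHs256, withAlteredPayload and the secret are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed demo settings; keys mirror the jwtSettings object above.
const settings = { audience: 'TREEHOUSE-AUTH', issuer: 'treehouse-authentication', secretOrKey: 'constructed-demo-secret' };

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const parsePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const mac = (data, key) => createHmac('sha256', key).update(data).digest();

// Issue an HS256 token (hypothetical helper standing in for token creation).
function signHs256(payload, { secretOrKey }) {
  const signingInput = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}`;
  return `${signingInput}.${mac(signingInput, secretOrKey).toString('base64url')}`;
}

// Decode only: parses the payload and checks nothing.
function decodeOnly(token) {
  return parsePart(token.split('.')[1]);
}

// Verify: pin the algorithm, compare the MAC in constant time, then check claims.
function verifyHs256(token, { secretOrKey, audience, issuer }, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  if (parsePart(head).alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = mac(`${head}.${body}`, secretOrKey);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = parsePart(body);
  if (claims.aud !== audience || claims.iss !== issuer) throw new Error('wrong audience or issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Constructed altered token: payload changed after issuance, original signature kept.
function withAlteredPayload(token, changes) {
  const [head, body, sig] = token.split('.');
  return `${head}.${b64url({ ...parsePart(body), ...changes })}.${sig}`;
}

const issued = signHs256({ sub: 'user-1', role: 'user', aud: settings.audience,
  iss: settings.issuer, exp: Math.floor(Date.now() / 1000) + 60 }, settings);
const altered = withAlteredPayload(issued, { role: 'admin' });
console.log('decode only:', decodeOnly(altered).role);
try { verifyHs256(altered, settings); } catch (err) { console.log('verify:', err.message); }
```

Route handlers should read claims only from the verifying call; the decode-only path is for inspection and logging.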
Sessions
getSession(options)
Returns an Express middleware function to use on session-based routes, using the express-session module. (Synchronous)
const app = express();
const session = authenticator.getSession(options);
app.use(session);
Two-factor authentication
Two-factor authentication functions using the speakeasy module.
generate2FAKey(options)
Returns a two-factor authentication key with the base32 secret and the otp-authentication URL needed for QR code generation.
const { otpauth_url, base32 /* ... */ } = authenticator.generate2FAKey(options);
generateQrCode(options)
Returns QR code image data, the user secret, and the URL (if you wish to have a custom QR code implementation).
const { imageData, secret, url } = await authenticator.generateQrCode(options);
verifyToken(secret, token)
Verifies whether a token is valid for the provided user secret (returns true/false).
const isValidCode = authenticator.verifyToken(secret, token);
LDAP
createLdapClient(clientOptions, dnString, password)
WARNING: the unbind function does not work in Node 10. See https://github.com/joyent/node-ldapjs/issues/483
searchUsers(ldapClient, dnString, filterOptions)
Example
// Public test server. Plain ldap:// sends the bind password unencrypted; use ldaps:// for a real directory.
const clientOptions = { url: 'ldap://ldap.forumsys.com', port: '389' };
const dnString = 'cn=read-only-admin,dc=example,dc=com';
const password = 'password';

// Create a client instance that is connected to the directory server
const client = await authenticator.createLdapClient(clientOptions, dnString, password);

const searchDn = 'dc=example,dc=com';
const filterOptions = { filter: '(objectClass=*)', scope: 'sub' };

// Search users in the directory server
const users = await authenticator.searchUsers(client, searchDn, filterOptions);
SAML
createLoginRequest(serviceProvider, identityProvider, binding)
Returns a login url to the identity provider
parseSAMLResponse(serviceProvider, identityProvider, request)
Parses the SAML request to a JSON object
createLogout(serviceProvider, identityProvider, user, redirectUrl?)
Creates an SSO logout url for the given user (sp initiated)
createServiceProvider(xmlMetaData: string | Buffer, args: ServiceProviderSettings = {})
Creates a service provider object to interact with.
createIdentityProvider(xmlMetaData: string | Buffer, args: IdentityProviderSettings = {})
Creates an identityProvider object to interact with
Example
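// spXmlMetaData, idpXmlMetaData, binding and user are placeholders supplied by your application.
// The Express-style handler names and the redirects are illustrative.
const serviceProvider = authenticator.createServiceProvider(spXmlMetaData);
const identityProvider = authenticator.createIdentityProvider(idpXmlMetaData);

// Login
async function login(req, res) {
  const loginUrl = await authenticator.createLoginRequest(serviceProvider, identityProvider, binding);
  res.redirect(loginUrl);
}

// The identity provider will send a SAML response upon successful authentication
// We will validate the response
async function onLoginResponse(req, res) {
  const user = await authenticator.parseSAMLResponse(serviceProvider, identityProvider, req);
  if (user) {
    /* business logic */
  }
}

// Logout
async function logout(req, res) {
  const logoutUrl = await authenticator.createLogout(serviceProvider, identityProvider, user);
  res.redirect(logoutUrl);
}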
Utilities
generateRandomHash(algorithm (optional), secret (optional))
Returns a random hash (can be used for tokens) (Synchronous)
getHashedPassword(password, saltCount)
Returns a hashed password. (Asynchronous)
comparePassword(password, hashedPw)
Check whether a password is valid compared with a hashed password. (Asynchronous)
Tests
You can run npm run test to run all tests.
You can run npm run test:coverage to run all tests with a coverage report.
Authors
See the list of contributors who participated in this project.
License
This project is licensed under the ISC License - see the LICENSE.md file for details