Buzzard
Authentication protocol for HTTPS services.
Features
Uses an Authorization
header containing, nonce
, timestamp and authentication code, produced by the client.
Also supports URL-based authentication.
The client holds a secret key that it uses to craft the authentication code from the nonce and the timestamp.
The server gets the nonce so that it can validate if the nonce is repeated.
Supports browserify.
JS Client
Node.js
In Node.js you can get a reference to the Buzzard client library like this:
var Client = client;
Browser
On the browser, using browserify you can get a reference to the client library simply like this: (the server part of buzzard is not included for a smaller bundle size)
var Client = ;
Client.header
Creates a header given a credential:
var Client = client; var credentials = id: 'iiiidddd' key: 'kkkeeeyyy' algorithm: 'sha1'; var header = Client; // use request, jquery or whatvs, just be sure to send the HTTP header: 'Authorization': header
Client.url
Creates a URL given a base URL and a credential:
var Client = client; var credentials = id: 'iiiidddd' key: 'kkkeeeyyy' algorithm: 'sha1'; var baseURL = 'http://cats.cat/purr?a=1'var url = Client;
Server
Construct the server validator
Construct a server validator by providing a function that fetches the credentials given a credential id;
var Buzzard = server;var buzzard = ; // stupid example var credentials = 'user1': id: 'user1' key: 'kkkeeeyyy1' algorithm: 'sha1' 'user2': id: 'user2' key: 'kkkeeeyyy2' algorithm: 'sha1' /// cb is error-first { ;};
Server.authenticate
Authenticates a request object, either using authorization header or URL.
server; { buzzard; { if err resstatusCode = errresponsecode; res; else console; // validate nonce... res; }}
Middleware
Connect and Restify-compatible middleware:
var BuzzardMiddleware = servermiddleware;var buzzardMiddleware = ; app;
License
MIT