passport.js authentication and authorisation strategy for client certificate received by forwarded header.
passport-cert-header is for process forwarded cert from router to a Node.js application.
The strategy constructor requires a verify callback, which will be executed on each authenticated request. It is responsible for checking the validity of the certificate and user authorisation.
passReqToCallback- optional. Causes the request object to be supplied to the verify callback as the first parameter.
The verify callback is passed with the client certificate object and a done callback. The done callback must be called as per the passport.js documentation.
var passport = require('passport');
var CertHeaderStrategy = require('passport-cert-header').Strategy;
passport.use(new CertHeaderStrategy({header: 'client-cert'}, function({ cert: clientCert }, done) {
var { cn } = clientCert.subject,
user = null;
// The CN will typically be checked against a database
if(cn === 'test-cn') {
user = { name: 'Test User' }
}
done(null, user);
}));The verify callback can be supplied with the request object by setting the passReqToCallback option to true, and changing callback arguments accordingly.
passport.use(new ClientCertHeaderStrategy({ passReqToCallback: true }, function(req, { cert: clientCert }, done) {
var { cn } = clientCert.subject,
user = null;
// The CN will typically be checked against a database
if(cn === 'test-cn') {
user = { name: 'Test User' }
}
done(null, user);
}));npm install
npm test