oz
Web Authorization Protocol (JavaScript)
Latest commit 5b64c2a916, authored by Eran Hammer.
A web authorization protocol based on industry best practices. A redo of the original ideas behind OAuth, providing interoperability and security out-of-the-box.


This is an experimental module and is not ready for production usage.

API

endpoints

app(req, payload, options, callback)

Generates an application ticket where:

  • req - the node.js http server request object. The following properties are expected to exist on req:
    • method - HTTP method used, for example: 'POST'.
    • url - path to the app endpoint.
    • headers - HTTP headers, with host and authorization populated.
  • payload - the raw HTTP request payload string. Can be null, but the argument must still be supplied.
  • options - the following options are available:
    • encryptionPassword - secret string used as the encryption password.
    • ticket - options to pass to the Oz.ticket.issue function.
    • loadAppFunc - function with the signature (id, callback); the callback expects to be called as (err, app). The app object is shown in the App Object Example below.
    • hawk - options to forward to the Hawk authenticate function. Refer to the Hawk documentation for the full list of options.
  • callback - called with the parameters err and ticket.

reissue(req, payload, options, callback)

Reissue an existing ticket where:

  • req - the node.js http server request object. The following properties are expected to exist on req:
    • method - HTTP method used, for example: 'POST'.
    • url - path to the app endpoint.
    • headers - HTTP headers, with host and authorization populated.
  • payload - an object describing the restrictions to apply to the reissued ticket. The following properties are supported:
    • issueTo - sets the issueTo option passed to Oz.ticket.reissue.
    • scope - ticket scope, represented as an array of strings.
  • options - the following options are available:
    • encryptionPassword - secret string used as the encryption password.
    • ticket - options to pass to the Oz.ticket.issue function.
    • loadAppFunc - function with the signature (id, callback); the callback expects to be called as (err, app). The app object is shown in the App Object Example below.
    • hawk - options to forward to the Hawk authenticate function. Refer to the Hawk documentation for the full list of options.
  • callback - called with the parameters err and ticket.

ticket

issue

The issue function will create a ticket and pass it to the callback function. The function signature is (app, grant, encryptionPassword, options, callback).

app

An object carrying the application id, scope, and secret; see the App Object Example below.

grant

Represents the limitations placed on the ticket: the user, the scope, and the expiration are all set here. See the Grant Object Example below.

encryptionPassword

The secret string used as the encryption password.

options

The following options are available:

  • ttl - time to live in milliseconds, defaults to 1 hour
  • scope - ticket scope, represented as an array of strings
  • ext - server extension object with the following properties:
    • tos - version of terms of service
    • private - anything inside 'private' is only included in the encrypted portion of the ticket
  • iron - object to override Iron defaults
  • keyBytes - ticket secret size in bytes, defaults to 32
  • hmacAlgorithm - Hawk algorithm to use, defaults to 'sha256'

hawk

The hawk module that oz depends on, exposed as Oz.hawk.

Example Objects

App Object Example

var app = {
    id: '123',                          // Application id
    scope: ['a', 'b']                   // Grant scope
};

Grant Object Example

var grant = {
    id: 'd832d9283hd9823dh',            // Persistent identifier used to issue additional tickets or revoke access
    user: '456',                        // User id
    exp: 1352535473414,                 // Grant expiration
    scope: ['b']                        // Grant scope
};