Skip to content

/ hmac-authentication-npm

Signs and authenticates HTTP requests based on a shared-secret HMAC signature

ISC License
0 stars 0 forks
Star
Notifications
master
Switch branches/tags
1 branch 4 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
test
 
 
.about.yml
 
 
.gitignore
 
 
.jshintrc
 
 
.travis.yml
 
 
LICENSE.md
 
 
README.md
 
 
gulpfile.js
 
 
index.js
 
 
package-lock.json
 
 
package.json
 
 
hmac-authentication npm Installation Authenticating incoming requests Signing outgoing requests

README.md

hmac-authentication npm

Signs and authenticates HTTP requests based on a shared-secret HMAC signature.

Developed in parallel with the following packages for other languages:

Installation

$ npm install hmac-authentication --save

Authenticating incoming requests

Assuming you're using Express, during initialization of your application, where config.signatureHeader identifies the header containing the message signature, config.headers is a list of headers factored into the signature, and config.secretKey is the shared secret between your application and the service making the request:

var express = require('express');
var bodyParser = require('bodyParser');
var HmacAuth = require('hmac-authentication');
var config = require('./config.json');

function doLaunch(config) {
  var middlewareOptions = {
    verify: HmacAuth.middlewareAuthenticator(
      config.secretKey, config.signatureHeader, config.headers)
  };
  var server = express();
  server.use(bodyParser.raw(middlewareOptions));

  // Continue server initialization...
}

If you're not using Express, you can use something similar to the following:

var HmacAuth = require('hmac-authentication');
var config = require('./config.json');

// When only used for authentication, it doesn't matter what the first
// argument is, because the hash algorithm used for authentication will be
// parsed from the incoming request signature header.
var auth = new HmacAuth(
  'sha1', config.secretKey, config.signatureHeader, config.headers);

// rawBody must be a string.
function requestHandler(req, rawBody) {
  var authenticationResult = auth.authenticateRequest(req, rawBody);

  if (authenticationResult[0] != HmacAuth.MATCH) {
    // Handle authentication failure...
  }
}

Signing outgoing requests

Do something similar to the following. rawBody must be a string.

var HmacAuth = require('hmac-authentication');
var config = require('./config.json');

var auth = new HmacAuth(
  config.digestName, config.secretKey, config.signatureHeader, config.headers);

function makeRequest(req, rawBody) {
  // Prepare request...
  auth.signRequest(req, rawBody);
}

About

Signs and authenticates HTTP requests based on a shared-secret HMAC signature

Resources

Readme

License

ISC License

Releases

4 tags

Packages

No packages published

Languages