Passport strategy for authenticating using client certificates.
Switch branches/tags
Nothing to show
Clone or download
Alan Cohen
Alan Cohen Add npm status badge
Fix README install
Latest commit fbf73c4 Feb 18, 2016
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
test Make API compatible with existing node module Feb 18, 2016
.eslintrc Initial commit Feb 16, 2016
.gitignore Initial commit Feb 16, 2016
.npmignore Initial commit Feb 16, 2016
README.md Add npm status badge Feb 18, 2016
circle.yml Initial commit Feb 16, 2016
index.js Initial commit Feb 16, 2016
npmrc-env Initial commit Feb 16, 2016
package.json Add npm status badge Feb 18, 2016
strategy.js Make API compatible with existing node module Feb 18, 2016

README.md

passport-client-certificate npm circle coveralls

Passport strategy for authenticating using client certificates.

This module lets you authenticate using client certificates in Node.js applications. Client certificate authentication can be added any application or framework that supports Connect-style middleware, including Express. Optionally, using koa-passport it can be integrated into Koa

Install

$ npm install passport-client-certificate

Usage

Configure Strategy

The client cert authentication strategy authenticates requests based on the client certificate credentials submitted in the TLS handshake

Applications must supply a verify callback which accepts the client certificate. It then calls the done callback supplying a user. User should be set to false if the credentials are not valid. If an exception occured, err should be set.

Options: - passReqToCallback when true, req is the first argument to the verify callback (default: false)

Examples:

  passport.use(new ClientCertStrategy(
    function (certificate, done) {
      if (!config.auth.client_certificates_enabled) {
        return done(new UnauthorizedError('Unsupported authentication method'))
      }

      const fingerprint = clientCert.fingerprint.toUpperCase()
      Account.findByFingerprint(fingerprint)
        .then(function (userObj) {
          if (!userObj || userObj.is_disabled || userObj.fingerprint !== fingerprint) {
            return done(new UnauthorizedError('Unknown or invalid account'))
          }
          done(null, userObj)
        })
    }))

Authenticate Requests

Use passport.authenticate(), specifying the 'client-cert' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/login',
  passport.authenticate('client-cert', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });

Tests

$ npm install
$ npm test

Credits

Setting up certificates for the test application is based on https://github.com/anders94/https-authorized-clients/.