virgil-passwordlessdeprecated

Passwordless auth utils using Virgil public keys service

Usage no npm install needed!

<script type="module">
  import virgilPasswordless from 'https://cdn.skypack.dev/virgil-passwordless';
</script>

README

Passwordless auth for node applications

This module provides simple passwordless auth service using Virgil Public Keys infrastructure.

Installation

npm install virgil-passwordless

Usage

Initialize service

var VirgilPasswordless = require('virgil-passwordless');
var appToken = '1b79865e30978ec2ec9a83a44916b0a5';
var passwordless = new VirgilPasswordless(appToken);

Generate encrypted auth handshake token for email

var userEmail = 'user@example.com';
passwordless.generateToken(userEmail, function afterTokenGenerated (err, payload) {
    // payload = {
    //     encrypted_token: '91v2j39182jd39182jd1323c8j23c49...',
    //     public_key_id: 'vj32r-23e3ev-cece3-23gvc-423v'
    // }
});

What's inside

  1. Using given email retrive public key from Virgil public keys service
  2. Generate random token token and encrypt it using retrived public key
  3. Store token in local storage (memory or custom storage passed to constructor)
  4. Schedule token expiration (default timeout is 120 seconds)

Possible errors

Error Code
Public key lookup error 1
Storage set error 2

Verify decrypted token retrieved from the client

passwordless.verifyToken(userEmail, decryptedToken, function afterVerification (err) {
    // if err is null then verification was successfully passed
});

What's inside

  1. Pick original token from storage
  2. Compare origin token and decryptedToken passed to function
  3. Remove token from storage (even in case if compare failure)

Possible errors

Error Code
Storage get error 3
Token not found 4
Tokens not match 5
Storage unset error 6

Custom store for tokens

You can use custom store for tokens

new VirgilPasswordless(appToken, {
    store: customStore
});

Store should implement node-style callbacks based interface, example of implementation:

var store = {
    cache: {},
    get: function get (key, cb) {
        cb(null, cache[key]);
    },
    set: function set (key, value, cb) {
        this.cache[key] = value;
        cb(null);
    },
    unset: function unset (key, cb) {
        delete this.cache[key];
        cb(null);
    }
};

Token expire time

You can specify token expire time in ms

new VirgilPasswordless(appToken, {
    expireTimeout: 60000 // ms
});

License

BSD 3-Clause. See LICENSE for details.

Contacts

Email: support@virgilsecurity.com