README
Passwordless auth for node applications
This module provides simple passwordless auth service using Virgil Public Keys infrastructure.
Installation
npm install virgil-passwordless
Usage
Initialize service
var VirgilPasswordless = require('virgil-passwordless');
var appToken = '1b79865e30978ec2ec9a83a44916b0a5';
var passwordless = new VirgilPasswordless(appToken);
Generate encrypted auth handshake token for email
var userEmail = 'user@example.com';
passwordless.generateToken(userEmail, function afterTokenGenerated (err, payload) {
// payload = {
// encrypted_token: '91v2j39182jd39182jd1323c8j23c49...',
// public_key_id: 'vj32r-23e3ev-cece3-23gvc-423v'
// }
});
What's inside
- Using given email retrive public key from Virgil public keys service
- Generate random token token and encrypt it using retrived public key
- Store token in local storage (memory or custom storage passed to constructor)
- Schedule token expiration (default timeout is 120 seconds)
Possible errors
Error | Code |
---|---|
Public key lookup error | 1 |
Storage set error | 2 |
Verify decrypted token retrieved from the client
passwordless.verifyToken(userEmail, decryptedToken, function afterVerification (err) {
// if err is null then verification was successfully passed
});
What's inside
- Pick original token from storage
- Compare origin token and
decryptedToken
passed to function - Remove token from storage (even in case if compare failure)
Possible errors
Error | Code |
---|---|
Storage get error | 3 |
Token not found | 4 |
Tokens not match | 5 |
Storage unset error | 6 |
Custom store for tokens
You can use custom store for tokens
new VirgilPasswordless(appToken, {
store: customStore
});
Store should implement node-style callbacks based interface, example of implementation:
var store = {
cache: {},
get: function get (key, cb) {
cb(null, cache[key]);
},
set: function set (key, value, cb) {
this.cache[key] = value;
cb(null);
},
unset: function unset (key, cb) {
delete this.cache[key];
cb(null);
}
};
Token expire time
You can specify token expire time in ms
new VirgilPasswordless(appToken, {
expireTimeout: 60000 // ms
});
License
BSD 3-Clause. See LICENSE for details.
Contacts
Email: support@virgilsecurity.com