Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@deephaven/auth-plugins
Advanced tools
Authentication plugins for Deephaven. Used by AuthBootstrap to provide default authentication if no custom plugins are loaded. For mode details on custom plugins, see deephaven-js-plugins repository.
npm install --save @deephaven/auth-plugins
Export an AuthPlugin
from a module to register an authentication plugin. Authentication plugins must implement the AuthPlugin interface. Authentication plugins can display a UI which then triggers how to login.
The Web UI loads all plugins on initialization, and uses the first available authentication plugin for authenticating. A sequence diagram of this flow at a high level, where AuthPlugin
is the first authentication plugin that returns true when the isAvailable
method is called.
sequenceDiagram
participant U as User
participant W as Web UI
participant P as AuthPlugin
participant S as Server
U->>W: Open app
activate W
W->>S: Load plugin modules
S-->>W: PluginModule[]
W->>S: client.getAuthConfigValues()
S-->>W: Auth config [string, string][]
W->>W: Select first available AuthPlugin
deactivate W
W->>P: Login
P->>S: client.login()
S-->>P: Login success
P-->>W: Login success
Below are some sequence diagrams for some of the included Auth Plugins.
sequenceDiagram
participant W as Web UI
participant P as AuthPluginPsk
participant J as JS API
W->>P: Login
alt Key in query string
P->>J: client.login(key)
else Prompt user for key
P->>P: Prompt for key
P->>J: client.login(key)
end
J-->>P: Login success
P-->>W: Login success
Composite plugin giving the user the choice of logging in with a password or logging in anonymously
sequenceDiagram
participant W as Web UI
participant CP as CompositePlugin
participant AP as AnonymousPlugin
participant PP as PasswordPlugin
participant J as JS API
W->>CP: Login
CP->>CP: Prompt for authentication method
activate CP
alt Password login
activate PP
loop Until success
PP->>PP: Show Login UI
PP->>J: client.login(password)
alt Login success
J-->>PP: Login success
else Login failure
J-->>PP: Login failure
PP->>PP: Show login error
end
end
PP-->>CP: Login success
deactivate PP
else Anonymous login
activate AP
AP->>J: client.login(anonymous)
J-->>AP: Login success
AP-->>CP: Login success
deactivate AP
end
CP-->>W: Login success
deactivate CP
Translation of flow from https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow, showing which responsibilities login plugin handles. Note that the plugins need to be loaded initially prior to redirecting to the authorization prompt, and then again after redirecting back to the Web UI. For a specific example using Keycloak, see AuthPluginKeycloak.
sequenceDiagram
participant U as User
participant W as Web UI
participant S as Server
participant P as Auth0Plugin
participant T as Auth0 Tenant
participant J as JS API
U->>W: Open app
W->>W: Select first available AuthPlugin
W->>P: Login
P->>T: Authorization code request to /authorize
T->>U: Redirect to login/authorization prompt
U-->>T: Authenticate and Consent
T->>W: Authorization code
W->>W: Select first available AuthPlugin
W->>P: Login
P->>T: Authorization Code + Client ID + Client Secret to /oauth/token
T->>T: Validate Authorization Code + Client ID + Client Secret
T-->>P: ID Token and Access Token
P->>J: client.login(token)
J-->>P: Login success
P-->>W: Login success
Deephaven Data Labs and any contributors grant you a license to the content of this repository under the Apache 2.0 License, see the LICENSE file.
FAQs
Deephaven Auth Plugins
The npm package @deephaven/auth-plugins receives a total of 616 weekly downloads. As such, @deephaven/auth-plugins popularity was classified as not popular.
We found that @deephaven/auth-plugins demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.