hmac-authentication
Advanced tools
Signs and validates HTTP requests based on a shared-secret HMAC signature
Signs and authenticates HTTP requests based on a shared-secret HMAC signature.
Developed in parallel with the following packages for other languages:
$ npm install hmac-authentication --save
Assuming you're using Express, during
initialization of your application, where config.signatureHeader identifies
the header containing the message signature, config.headers is a list of
headers factored into the signature, and config.secretKey is the shared
secret between your application and the service making the request:
var express = require('express');
var bodyParser = require('bodyParser');
var HmacAuth = require('hmac-authentication');
var config = require('./config.json');
function doLaunch(config) {
var middlewareOptions = {
verify: HmacAuth.middlewareAuthenticator(
config.secretKey, config.signatureHeader, config.headers)
};
var server = express();
server.use(bodyParser.raw(middlewareOptions));
// Continue server initialization...
}
If you're not using Express, you can use something similar to the following:
var HmacAuth = require('hmac-authentication');
var config = require('./config.json');
// When only used for authentication, it doesn't matter what the first
// argument is, because the hash algorithm used for authentication will be
// parsed from the incoming request signature header.
var auth = new HmacAuth(
'sha1', config.secretKey, config.signatureHeader, config.headers);
// rawBody must be a string.
function requestHandler(req, rawBody) {
var authenticationResult = auth.authenticateRequest(req, rawBody);
if (authenticationResult[0] != HmacAuth.MATCH) {
// Handle authentication failure...
}
}
Do something similar to the following. rawBody must be a string.
var HmacAuth = require('hmac-authentication');
var config = require('./config.json');
var auth = new HmacAuth(
config.digestName, config.secretKey, config.signatureHeader, config.headers);
function makeRequest(req, rawBody) {
// Prepare request...
auth.signRequest(req, rawBody);
}
This project is in the worldwide public domain. As stated in CONTRIBUTING:
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
FAQs
Signs and validates HTTP requests based on a shared-secret HMAC signature
The npm package hmac-authentication receives a total of 29 weekly downloads. As such, hmac-authentication popularity was classified as not popular.
We found that hmac-authentication demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.