http-auth-utils
Advanced tools
This library provide several utils to parse and build WWW-Authenticate and Authorization headers as described per the HTTP RFC.
This library is intended to be framework agnostic and could be used either on the server and the client side.
Since this library is in an early development stage, please don't use it until you really not care of API changes.
Running tests:
npm test
Generating docs:
cat src/index.js src/mecanisms/basic.js src/mecanisms/digest.js | npm run cli -- jsdoc2md > API.md
To contribute to this project, you must accept to publish it under the MIT Licence.
ArrayObjectObjectArrayNatively supported authentication mecanisms.
Kind: static constant of http-auth-utils
See: The Basic http-auth-utils/mecanisms/basic and Digest http-auth-utils/mecanisms/digest
ObjectParse HTTP WWW-Authenticate header contents.
Kind: static constant of http-auth-utils
Returns: Object - Result of the contents parse.
Api: public
| Param | Type | Default | Description |
|---|---|---|---|
| header | string | The WWW-Authenticate header contents | |
| [authMecanisms] | Array | [BASIC, DIGEST] | Allow providing custom authentication mecanisms. |
Example
assert.equal(
parseWWWAuthenticateHeader('Basic realm="test"'), {
type: 'Basic',
data: {
realm: 'test'
}
}
);
ObjectParse HTTP Authorization header contents.
Kind: static constant of http-auth-utils
Returns: Object - Result of the contents parse.
Api: public
| Param | Type | Default | Description |
|---|---|---|---|
| header | string | The Authorization header contents | |
| [authMecanisms] | Array | [BASIC, DIGEST] | Allow providing custom authentication mecanisms. |
Example
assert.equal(
parseAuthorizationHeader('Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='), {
type: 'Basic',
data: {
hash: 'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
}
}
);
Object
StringObjectStringObjectStringStringObjectObjectBasic authentication mecanism.
Kind: inner constant of http-auth-utils/mecanisms/basic
See: http://tools.ietf.org/html/rfc2617#section-2
Object
StringObjectStringObjectStringStringObjectStringThe Basic auth mecanism prefix.
Kind: static property of BASIC
ObjectParse the WWW Authenticate header rest.
Kind: static method of BASIC
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string got after removing the authentication mecanism prefix). |
Example
assert.deepEqual(
BASIC.parseWWWAuthenticateRest('realm="perlinpinpin"'), {
realm: 'perlinpinpin'
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of BASIC
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
BASIC.buildWWWAuthenticateRest({
realm: 'perlinpinpin'
}),
'realm="perlinpinpin"'
);
ObjectParse the Authorization header rest.
Kind: static method of BASIC
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string got after removing the authentication mecanism prefix).) |
Example
assert.deepEqual(
BASIC.parseAuthorizationRest('QWxhZGRpbjpvcGVuIHNlc2FtZQ=='), {
hash: 'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
}
);
StringBuild the Authorization header rest.
Kind: static method of BASIC
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
BASIC.buildAuthorizationRest({
hash: 'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
}),
'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
);
StringCompute the Basic authentication hash from the given credentials.
Kind: static method of BASIC
Returns: String - The hash representing the credentials.
Api: public
| Param | Type | Description |
|---|---|---|
| credentials | Object | The credentials to encode {username, password}. |
Example
assert.equal(
BASIC.computeHash({
username: 'Aladdin',
password: 'open sesame'
}),
'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
);
ObjectDecode the Basic hash and return the corresponding credentials.
Kind: static method of BASIC
Returns: Object - Object representing the credentials {username, password}.
Api: public
| Param | Type | Description |
|---|---|---|
| hash | String | The hash. |
Example
assert.deepEqual(
BASIC.decodeHash('QWxhZGRpbjpvcGVuIHNlc2FtZQ=='), {
username: 'Aladdin',
password: 'open sesame'
}
);
Object
StringObjectStringObjectStringStringObjectDigest authentication mecanism.
Kind: inner constant of http-auth-utils/mecanisms/digest
See
Object
StringObjectStringObjectStringStringStringThe Digest auth mecanism prefix.
Kind: static property of DIGEST
ObjectParse the WWW Authenticate header rest.
Kind: static method of DIGEST
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string got after removing the authentication mecanism prefix). |
Example
assert.deepEqual(
DIGEST.parseWWWAuthenticateRest(
'realm="testrealm@host.com", ' +
'qop="auth, auth-int", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
), {
realm: 'testrealm@host.com',
qop: 'auth, auth-int',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
opaque: '5ccc069c403ebaf9f0171e9517f40e41'
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of DIGEST
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
DIGEST.buildWWWAuthenticateRest({
realm: 'testrealm@host.com',
qop: 'auth, auth-int',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
opaque: '5ccc069c403ebaf9f0171e9517f40e41'
}),
'realm="testrealm@host.com", ' +
'qop="auth, auth-int", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
);
ObjectParse the Authorization header rest.
Kind: static method of DIGEST
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string got after removing the authentication mecanism prefix).) |
Example
assert.deepEqual(
DIGEST.parseAuthorizationRest(
'username="Mufasa",' +
'realm="testrealm@host.com",' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",' +
'uri="/dir/index.html",' +
'qop="auth",' +
'nc="00000001",' +
'cnonce="0a4f113b",' +
'response="6629fae49393a05397450978507c4ef1",' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
), {
username: "Mufasa",
realm: 'testrealm@host.com',
nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri: "/dir/index.html",
qop: 'auth',
nc: '00000001',
cnonce: "0a4f113b",
response: "6629fae49393a05397450978507c4ef1",
opaque: "5ccc069c403ebaf9f0171e9517f40e41"
}
);
StringBuild the Authorization header rest.
Kind: static method of DIGEST
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
DIGEST.buildAuthorizationRest({
username: "Mufasa",
realm: 'testrealm@host.com',
nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri: "/dir/index.html",
qop: 'auth',
nc: '00000001',
cnonce: "0a4f113b",
response: "6629fae49393a05397450978507c4ef1",
opaque: "5ccc069c403ebaf9f0171e9517f40e41"
}),
'username="Mufasa", ' +
'realm="testrealm@host.com", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'uri="/dir/index.html", ' +
'response="6629fae49393a05397450978507c4ef1", ' +
'cnonce="0a4f113b", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41", ' +
'qop="auth", ' +
'nc="00000001"'
);
StringCompute the Digest authentication hash from the given credentials.
Kind: static method of DIGEST
Returns: String - The hash representing the credentials.
Api: public
| Param | Type | Description |
|---|---|---|
| credentials | Object | The credentials to encode and other encoding details. |
Example
assert.equal(
DIGEST.computeHash({
username: 'Mufasa',
realm: 'testrealm@host.com',
password: 'Circle Of Life',
method: 'GET',
uri: '/dir/index.html',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
nc: '00000001',
cnonce: '0a4f113b',
qop: 'auth',
algorithm: 'md5'
}),
'6629fae49393a05397450978507c4ef1'
);
v0.0.1 (2015/05/31 20:40 +00:00)
FAQs
Parse, build and deal with HTTP authorization headers.
The npm package http-auth-utils receives a total of 5,524 weekly downloads. As such, http-auth-utils popularity was classified as popular.
We found that http-auth-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.