http-auth-utils
Advanced tools
Parse, build and deal with HTTP auth headers.
This library provide several utilities to parse and build WWW-Authenticate and Authorization headers as described per the HTTP RFC.
It is intended to be framework agnostic and could be used either on the server and the client side.
ArrayObjectParse HTTP WWW-Authenticate header contents.
Kind: static method of http-auth-utils
Returns: Object - Result of the contents parse.
Api: public
| Param | Type | Default | Description |
|---|---|---|---|
| header | string | The WWW-Authenticate header contents | |
| [authMechanisms] | Array | [BASIC, DIGEST] | Allow providing custom authentication mechanisms. |
Example
assert.equal(
parseWWWAuthenticateHeader('Basic realm="test"'), {
type: 'Basic',
data: {
realm: 'test'
}
}
);
ObjectParse HTTP Authorization header contents.
Kind: static method of http-auth-utils
Returns: Object - Result of the contents parse.
Api: public
| Param | Type | Default | Description |
|---|---|---|---|
| header | string | The Authorization header contents | |
| [authMechanisms] | Array | [BASIC, DIGEST, BEARER] | Allow custom authentication mechanisms. |
Example
assert.equal(
parseAuthorizationHeader('Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='), {
type: 'Basic',
data: {
hash: 'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
}
}
);
ArrayNatively supported authentication mechanisms.
Kind: inner constant of http-auth-utils
Object
StringObjectStringObjectStringStringObjectObjectBasic authentication mechanism.
Kind: inner constant of http-auth-utils/mechanisms/basic
See: http://tools.ietf.org/html/rfc2617#section-2
Object
StringObjectStringObjectStringStringObjectStringThe Basic auth mechanism prefix.
Kind: static property of BASIC
ObjectParse the WWW Authenticate header rest.
Kind: static method of BASIC
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix). |
Example
assert.deepEqual(
BASIC.parseWWWAuthenticateRest('realm="perlinpinpin"'), {
realm: 'perlinpinpin'
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of BASIC
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
BASIC.buildWWWAuthenticateRest({
realm: 'perlinpinpin'
}),
'realm="perlinpinpin"'
);
ObjectParse the Authorization header rest.
Kind: static method of BASIC
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix).) |
Example
assert.deepEqual(
BASIC.parseAuthorizationRest('QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU=',
username: 'Ali Baba',
password: 'open sesame'
}
);
StringBuild the Authorization header rest.
Kind: static method of BASIC
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
BASIC.buildAuthorizationRest({
hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
}),
'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
);
StringCompute the Basic authentication hash from the given credentials.
Kind: static method of BASIC
Returns: String - The hash representing the credentials.
Api: public
| Param | Type | Description |
|---|---|---|
| credentials | Object | The credentials to encode {username, password}. |
Example
assert.equal(
BASIC.computeHash({
username: 'Ali Baba',
password: 'open sesame'
}),
'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
);
ObjectDecode the Basic hash and return the corresponding credentials.
Kind: static method of BASIC
Returns: Object - Object representing the credentials {username, password}.
Api: public
| Param | Type | Description |
|---|---|---|
| hash | String | The hash. |
Example
assert.deepEqual(
BASIC.decodeHash('QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
username: 'Ali Baba',
password: 'open sesame'
}
);
Object
StringObjectStringObjectStringObjectBearer authentication mechanism.
Kind: inner constant of http-auth-utils/mechanisms/bearer
See: https://tools.ietf.org/html/rfc6750#section-3
Object
StringObjectStringObjectStringStringThe Digest auth mechanism prefix.
Kind: static property of BEARER
ObjectParse the WWW Authenticate header rest.
Kind: static method of BEARER
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix). |
Example
assert.deepEqual(
BEARER.parseWWWAuthenticateRest(
'realm="testrealm@host.com", ' +
'scope="openid profile email"'
), {
realm: 'testrealm@host.com',
scope: 'openid profile email',
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of BEARER
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
BEARER.buildWWWAuthenticateRest({
realm: 'testrealm@host.com',
error: 'invalid_request',
error_description: 'The access token expired',
}),
'realm="testrealm@host.com", ' +
'error="invalid_request", ' +
'error_description="The access token expired"'
);
ObjectParse the Authorization header rest.
Kind: static method of BEARER
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix).) |
Example
assert.deepEqual(
BEARER.parseAuthorizationRest('mF_9.B5f-4.1JqM'), {
hash: 'mF_9.B5f-4.1JqM',
}
);
StringBuild the Authorization header rest.
Kind: static method of BEARER
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
BEARER.buildAuthorizationRest({
hash: 'mF_9.B5f-4.1JqM'
}),
'mF_9.B5f-4.1JqM=='
);
Object
StringObjectStringObjectStringStringObjectDigest authentication mechanism.
Kind: inner constant of http-auth-utils/mechanisms/digest
See
Object
StringObjectStringObjectStringStringStringThe Digest auth mechanism prefix.
Kind: static property of DIGEST
ObjectParse the WWW Authenticate header rest.
Kind: static method of DIGEST
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix). |
Example
assert.deepEqual(
DIGEST.parseWWWAuthenticateRest(
'realm="testrealm@host.com", ' +
'qop="auth, auth-int", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
), {
realm: 'testrealm@host.com',
qop: 'auth, auth-int',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
opaque: '5ccc069c403ebaf9f0171e9517f40e41'
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of DIGEST
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
DIGEST.buildWWWAuthenticateRest({
realm: 'testrealm@host.com',
qop: 'auth, auth-int',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
opaque: '5ccc069c403ebaf9f0171e9517f40e41'
}),
'realm="testrealm@host.com", ' +
'qop="auth, auth-int", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
);
ObjectParse the Authorization header rest.
Kind: static method of DIGEST
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix).) |
Example
assert.deepEqual(
DIGEST.parseAuthorizationRest(
'username="Mufasa",' +
'realm="testrealm@host.com",' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",' +
'uri="/dir/index.html",' +
'qop="auth",' +
'nc="00000001",' +
'cnonce="0a4f113b",' +
'response="6629fae49393a05397450978507c4ef1",' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
), {
username: "Mufasa",
realm: 'testrealm@host.com',
nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri: "/dir/index.html",
qop: 'auth',
nc: '00000001',
cnonce: "0a4f113b",
response: "6629fae49393a05397450978507c4ef1",
opaque: "5ccc069c403ebaf9f0171e9517f40e41"
}
);
StringBuild the Authorization header rest.
Kind: static method of DIGEST
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
DIGEST.buildAuthorizationRest({
username: "Mufasa",
realm: 'testrealm@host.com',
nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri: "/dir/index.html",
qop: 'auth',
nc: '00000001',
cnonce: "0a4f113b",
response: "6629fae49393a05397450978507c4ef1",
opaque: "5ccc069c403ebaf9f0171e9517f40e41"
}),
'username="Mufasa", ' +
'realm="testrealm@host.com", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'uri="/dir/index.html", ' +
'response="6629fae49393a05397450978507c4ef1", ' +
'cnonce="0a4f113b", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41", ' +
'qop="auth", ' +
'nc="00000001"'
);
StringCompute the Digest authentication hash from the given credentials.
Kind: static method of DIGEST
Returns: String - The hash representing the credentials.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The credentials to encode and other encoding details. |
Example
assert.equal(
DIGEST.computeHash({
username: 'Mufasa',
realm: 'testrealm@host.com',
password: 'Circle Of Life',
method: 'GET',
uri: '/dir/index.html',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
nc: '00000001',
cnonce: '0a4f113b',
qop: 'auth',
algorithm: 'md5'
}),
'6629fae49393a05397450978507c4ef1'
);
ArrayObjectParse HTTP WWW-Authenticate header contents.
Kind: static method of http-auth-utils
Returns: Object - Result of the contents parse.
Api: public
| Param | Type | Default | Description |
|---|---|---|---|
| header | string | The WWW-Authenticate header contents | |
| [authMechanisms] | Array | [BASIC, DIGEST] | Allow providing custom authentication mechanisms. |
Example
assert.equal(
parseWWWAuthenticateHeader('Basic realm="test"'), {
type: 'Basic',
data: {
realm: 'test'
}
}
);
ObjectParse HTTP Authorization header contents.
Kind: static method of http-auth-utils
Returns: Object - Result of the contents parse.
Api: public
| Param | Type | Default | Description |
|---|---|---|---|
| header | string | The Authorization header contents | |
| [authMechanisms] | Array | [BASIC, DIGEST, BEARER] | Allow custom authentication mechanisms. |
Example
assert.equal(
parseAuthorizationHeader('Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='), {
type: 'Basic',
data: {
hash: 'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
}
}
);
ArrayNatively supported authentication mechanisms.
Kind: inner constant of http-auth-utils
Object
StringObjectStringObjectStringStringObjectObjectBasic authentication mechanism.
Kind: inner constant of http-auth-utils/mechanisms/basic
See: http://tools.ietf.org/html/rfc2617#section-2
Object
StringObjectStringObjectStringStringObjectStringThe Basic auth mechanism prefix.
Kind: static property of BASIC
ObjectParse the WWW Authenticate header rest.
Kind: static method of BASIC
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix). |
Example
assert.deepEqual(
BASIC.parseWWWAuthenticateRest('realm="perlinpinpin"'), {
realm: 'perlinpinpin'
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of BASIC
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
BASIC.buildWWWAuthenticateRest({
realm: 'perlinpinpin'
}),
'realm="perlinpinpin"'
);
ObjectParse the Authorization header rest.
Kind: static method of BASIC
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix).) |
Example
assert.deepEqual(
BASIC.parseAuthorizationRest('QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU=',
username: 'Ali Baba',
password: 'open sesame'
}
);
StringBuild the Authorization header rest.
Kind: static method of BASIC
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
BASIC.buildAuthorizationRest({
hash: 'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
}),
'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
);
StringCompute the Basic authentication hash from the given credentials.
Kind: static method of BASIC
Returns: String - The hash representing the credentials.
Api: public
| Param | Type | Description |
|---|---|---|
| credentials | Object | The credentials to encode {username, password}. |
Example
assert.equal(
BASIC.computeHash({
username: 'Ali Baba',
password: 'open sesame'
}),
'QWxpIEJhYmE6b3BlbiBzZXNhbWU='
);
ObjectDecode the Basic hash and return the corresponding credentials.
Kind: static method of BASIC
Returns: Object - Object representing the credentials {username, password}.
Api: public
| Param | Type | Description |
|---|---|---|
| hash | String | The hash. |
Example
assert.deepEqual(
BASIC.decodeHash('QWxpIEJhYmE6b3BlbiBzZXNhbWU='), {
username: 'Ali Baba',
password: 'open sesame'
}
);
Object
StringObjectStringObjectStringObjectBearer authentication mechanism.
Kind: inner constant of http-auth-utils/mechanisms/bearer
See: https://tools.ietf.org/html/rfc6750#section-3
Object
StringObjectStringObjectStringStringThe Digest auth mechanism prefix.
Kind: static property of BEARER
ObjectParse the WWW Authenticate header rest.
Kind: static method of BEARER
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix). |
Example
assert.deepEqual(
BEARER.parseWWWAuthenticateRest(
'realm="testrealm@host.com", ' +
'scope="openid profile email"'
), {
realm: 'testrealm@host.com',
scope: 'openid profile email',
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of BEARER
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
BEARER.buildWWWAuthenticateRest({
realm: 'testrealm@host.com',
error: 'invalid_request',
error_description: 'The access token expired',
}),
'realm="testrealm@host.com", ' +
'error="invalid_request", ' +
'error_description="The access token expired"'
);
ObjectParse the Authorization header rest.
Kind: static method of BEARER
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix).) |
Example
assert.deepEqual(
BEARER.parseAuthorizationRest('mF_9.B5f-4.1JqM'), {
hash: 'mF_9.B5f-4.1JqM',
}
);
StringBuild the Authorization header rest.
Kind: static method of BEARER
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| content | Object | The content from wich to build the rest. |
Example
assert.equal(
BEARER.buildAuthorizationRest({
hash: 'mF_9.B5f-4.1JqM'
}),
'mF_9.B5f-4.1JqM=='
);
Object
StringObjectStringObjectStringStringObjectDigest authentication mechanism.
Kind: inner constant of http-auth-utils/mechanisms/digest
See
Object
StringObjectStringObjectStringStringStringThe Digest auth mechanism prefix.
Kind: static property of DIGEST
ObjectParse the WWW Authenticate header rest.
Kind: static method of DIGEST
Returns: Object - Object representing the result of the parse operation.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix). |
Example
assert.deepEqual(
DIGEST.parseWWWAuthenticateRest(
'realm="testrealm@host.com", ' +
'qop="auth, auth-int", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
), {
realm: 'testrealm@host.com',
qop: 'auth, auth-int',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
opaque: '5ccc069c403ebaf9f0171e9517f40e41'
}
);
StringBuild the WWW Authenticate header rest.
Kind: static method of DIGEST
Returns: String - The built rest.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
DIGEST.buildWWWAuthenticateRest({
realm: 'testrealm@host.com',
qop: 'auth, auth-int',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
opaque: '5ccc069c403ebaf9f0171e9517f40e41'
}),
'realm="testrealm@host.com", ' +
'qop="auth, auth-int", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
);
ObjectParse the Authorization header rest.
Kind: static method of DIGEST
Returns: Object - Object representing the result of the parse operation {hash}.
Api: public
| Param | Type | Description |
|---|---|---|
| rest | String | The header rest (string after the authentication mechanism prefix).) |
Example
assert.deepEqual(
DIGEST.parseAuthorizationRest(
'username="Mufasa",' +
'realm="testrealm@host.com",' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",' +
'uri="/dir/index.html",' +
'qop="auth",' +
'nc="00000001",' +
'cnonce="0a4f113b",' +
'response="6629fae49393a05397450978507c4ef1",' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
), {
username: "Mufasa",
realm: 'testrealm@host.com',
nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri: "/dir/index.html",
qop: 'auth',
nc: '00000001',
cnonce: "0a4f113b",
response: "6629fae49393a05397450978507c4ef1",
opaque: "5ccc069c403ebaf9f0171e9517f40e41"
}
);
StringBuild the Authorization header rest.
Kind: static method of DIGEST
Returns: String - The rest built.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The content from wich to build the rest. |
Example
assert.equal(
DIGEST.buildAuthorizationRest({
username: "Mufasa",
realm: 'testrealm@host.com',
nonce: "dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri: "/dir/index.html",
qop: 'auth',
nc: '00000001',
cnonce: "0a4f113b",
response: "6629fae49393a05397450978507c4ef1",
opaque: "5ccc069c403ebaf9f0171e9517f40e41"
}),
'username="Mufasa", ' +
'realm="testrealm@host.com", ' +
'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' +
'uri="/dir/index.html", ' +
'response="6629fae49393a05397450978507c4ef1", ' +
'cnonce="0a4f113b", ' +
'opaque="5ccc069c403ebaf9f0171e9517f40e41", ' +
'qop="auth", ' +
'nc="00000001"'
);
StringCompute the Digest authentication hash from the given credentials.
Kind: static method of DIGEST
Returns: String - The hash representing the credentials.
Api: public
| Param | Type | Description |
|---|---|---|
| data | Object | The credentials to encode and other encoding details. |
Example
assert.equal(
DIGEST.computeHash({
username: 'Mufasa',
realm: 'testrealm@host.com',
password: 'Circle Of Life',
method: 'GET',
uri: '/dir/index.html',
nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
nc: '00000001',
cnonce: '0a4f113b',
qop: 'auth',
algorithm: 'md5'
}),
'6629fae49393a05397450978507c4ef1'
);
FAQs
Parse, build and deal with HTTP authorization headers.
The npm package http-auth-utils receives a total of 10,884 weekly downloads. As such, http-auth-utils popularity was classified as popular.
We found that http-auth-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.