What is passport-http?
The passport-http npm package provides HTTP Basic and Digest authentication strategies for Passport, a popular authentication middleware for Node.js. It allows you to authenticate requests using the HTTP Basic and Digest authentication schemes, which are often used for simple username and password authentication.
What are passport-http's main functionalities?
HTTP Basic Authentication
This feature allows you to authenticate users using HTTP Basic Authentication. The code sample demonstrates how to set up a BasicStrategy with Passport and protect an Express route.
const express = require('express');
const passport = require('passport');
const BasicStrategy = require('passport-http').BasicStrategy;

const app = express();

// User is the application's own user model; it is not provided by passport-http.
passport.use(new BasicStrategy(
  function(username, password, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      // An unknown user and a wrong password fail the same way.
      if (!user) { return done(null, false); }
      if (!user.verifyPassword(password)) { return done(null, false); }
      return done(null, user);
    });
  }
));

// Express route
app.get('/protected',
  passport.authenticate('basic', { session: false }),
  function(req, res) {
    res.json({ message: 'Access granted' });
  }
);
HTTP Digest Authentication
This feature allows you to authenticate users using HTTP Digest Authentication. The code sample demonstrates how to set up a DigestStrategy with Passport and protect an Express route.
const express = require('express');
const passport = require('passport');
const DigestStrategy = require('passport-http').DigestStrategy;

const app = express();

// User is the application's own user model; it is not provided by passport-http.
passport.use(new DigestStrategy({ qop: 'auth' },
  function(username, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      // The third argument is the password known to the server.
      return done(null, user, user.password);
    });
  },
  function(params, done) {
    // Validate nonces as necessary; as written, every nonce is accepted.
    done(null, true);
  }
));

// Express route
app.get('/protected',
  passport.authenticate('digest', { session: false }),
  function(req, res) {
    res.json({ message: 'Access granted' });
  }
);
Other packages similar to passport-http
passport-local
The passport-local package provides a simple username and password authentication strategy for Passport. Unlike passport-http, which uses HTTP Basic and Digest authentication schemes, passport-local is designed for form-based authentication, making it more suitable for web applications where users log in through a form.
passport-jwt
The passport-jwt package allows you to authenticate users using JSON Web Tokens (JWT). This is different from passport-http, which uses HTTP Basic and Digest authentication. JWT is often used for stateless authentication in modern web applications, providing a more secure and scalable solution compared to HTTP Basic and Digest.
passport-oauth2
The passport-oauth2 package provides OAuth 2.0 authentication strategies for Passport. Unlike passport-http, which uses HTTP Basic and Digest authentication, passport-oauth2 is designed for OAuth 2.0, a more complex and secure authentication protocol often used for third-party authentication (e.g., logging in with Google or Facebook).
Passport-HTTP
HTTP Basic and Digest authentication strategies for Passport.
This module lets you authenticate HTTP requests using the standard basic and
digest schemes in your Node.js applications. By plugging into Passport, support
for these schemes can be easily and unobtrusively integrated into any
application or framework that supports Connect-style
middleware, including Express.
Install
$ npm install passport-http
Usage of HTTP Basic
Configure Strategy
The HTTP Basic authentication strategy authenticates users using a userid and
password. The strategy requires a verify callback, which accepts these
credentials and calls done providing a user.
passport.use(new BasicStrategy(
  function(userid, password, done) {
    User.findOne({ username: userid }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      if (!user.verifyPassword(password)) { return done(null, false); }
      return done(null, user);
    });
  }
));
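One way to write the verify callback so that passwords are stored as salted scrypt hashes and compared in constant time. This is an added example, not code from passport-http or its README; the in-memory users map, hashPassword and verifyBasic are hypothetical names standing in for the application's User model.

```javascript
const crypto = require('crypto');

// Hash a password with a per-user random salt using scrypt from Node's crypto module.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt, hash };
}

// Constructed sample user store (hypothetical; replaces the page's User model).
const users = new Map([
  ['alice', { username: 'alice', ...hashPassword('correct horse battery staple') }],
]);

// Dummy record so an unknown userid costs the same scrypt work as a known one.
const dummyRecord = hashPassword(crypto.randomBytes(16).toString('hex'));

// Same signature as the BasicStrategy verify callback: (userid, password, done).
function verifyBasic(userid, password, done) {
  const known = users.has(userid);
  const record = known ? users.get(userid) : dummyRecord;
  const candidate = crypto.scryptSync(String(password), record.salt, 32);
  // Both buffers are 32 bytes, so timingSafeEqual never throws here.
  const match = crypto.timingSafeEqual(candidate, record.hash);
  if (!known || !match) { return done(null, false); }
  return done(null, { username: record.username });
}

// Wiring, as in the snippet above:
// passport.use(new BasicStrategy(verifyBasic));
```

Basic credentials travel base64-encoded rather than encrypted, so a route protected this way still depends on TLS for confidentiality.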
Authenticate Requests
Use passport.authenticate(), specifying the 'basic' strategy, to
authenticate requests. Requests containing an 'Authorization' header do not
require session support, so the session option can be set to false.
For example, as route middleware in an Express application:
app.get('/private',
  passport.authenticate('basic', { session: false }),
  function(req, res) {
    res.json(req.user);
  });
Examples
For a complete, working example, refer to the Basic example.
Usage of HTTP Digest
Configure Strategy
The HTTP Digest authentication strategy authenticates users using a username and
password (aka shared secret). The strategy requires a secret callback, which
accepts a username and calls done providing a user and password known to the
server. The password is used to compute a hash, and authentication fails if it
does not match that contained in the request.
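The hash is the digest response defined by RFC 2617. The added example below (not passport-http's own code) computes it for qop=auth and checks it against the sample request given in RFC 2617; digestResponse and responseMatches are hypothetical helper names.

```javascript
const crypto = require('crypto');

const md5 = (text) => crypto.createHash('md5').update(text).digest('hex');

// RFC 2617 response for qop=auth:
//   HA1      = MD5(username:realm:password)
//   HA2      = MD5(method:uri)
//   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
function digestResponse({ username, realm, password, method, uri, nonce, nc, cnonce, qop }) {
  const ha1 = md5(`${username}:${realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`);
  return md5(`${ha1}:${nonce}:${nc}:${cnonce}:${qop}:${ha2}`);
}

// Compare the expected and received hex strings in constant time.
function responseMatches(expected, received) {
  const a = Buffer.from(expected);
  const b = Buffer.from(String(received));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Sample request values from RFC 2617, section 3.5.
const rfcSample = {
  username: 'Mufasa',
  realm: 'testrealm@host.com',
  password: 'Circle Of Life',
  method: 'GET',
  uri: '/dir/index.html',
  nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
  nc: '00000001',
  cnonce: '0a4f113b',
  qop: 'auth',
};

// The response the RFC's sample client sends for that request.
const rfcResponse = '6629fae49393a05397450978507c4ef1';
```

Because HA1 is derived from the password itself, the server has to hold the password or an equivalent of it; a one-way salted hash of the kind used for Basic or form logins cannot feed this computation.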
The strategy also accepts an optional validate callback, which receives
nonce-related params that can be further inspected to determine if the request
is valid.
passport.use(new DigestStrategy({ qop: 'auth' },
  function(username, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      return done(null, user, user.password);
    });
  },
  function(params, done) {
    // validate nonces as necessary
    done(null, true);
  }
));
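The validate callback above accepts every request. The added example below (not part of passport-http or its README) shows one way to fill it in so that a replayed or stale nonce is refused. It assumes params carries nonce and nc (the hexadecimal nonce count) as strings; makeNonceValidator and the five-minute lifetime are hypothetical choices.

```javascript
function makeNonceValidator({ ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
  // nonce -> { firstSeen, lastNc }. Entries are kept after expiry so a stale
  // nonce stays rejected; a real deployment needs a bounded, shared store.
  const seen = new Map();

  // Same signature as the DigestStrategy validate callback: (params, done).
  return function validate(params, done) {
    const nonce = String(params.nonce || '');
    const ncText = String(params.nc || '');
    // With qop=auth, RFC 2617 defines nc as exactly eight hex digits.
    if (!nonce || !/^[0-9a-fA-F]{8}$/.test(ncText)) { return done(null, false); }
    const nc = parseInt(ncText, 16);

    const entry = seen.get(nonce);
    if (!entry) {
      // First use of this nonce: remember when it appeared and its count.
      seen.set(nonce, { firstSeen: now(), lastNc: nc });
      return done(null, true);
    }
    // Nonce older than its lifetime: refuse it.
    if (now() - entry.firstSeen > ttlMs) { return done(null, false); }
    // A count that does not increase means the request was seen before.
    if (nc <= entry.lastNc) { return done(null, false); }
    entry.lastNc = nc;
    return done(null, true);
  };
}

// Wiring, with secretCallback standing for the secret callback shown above:
// passport.use(new DigestStrategy({ qop: 'auth' }, secretCallback, makeNonceValidator()));
```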
Authenticate Requests
Use passport.authenticate(), specifying the 'digest' strategy, to
authenticate requests. Requests containing an 'Authorization' header do not
require session support, so the session option can be set to false.
For example, as route middleware in an Express application:
app.get('/private',
  passport.authenticate('digest', { session: false }),
  function(req, res) {
    res.json(req.user);
  });
Examples
For a complete, working example, refer to the Digest example.
Tests
$ npm install --dev
$ make test

Credits
License
The MIT License
Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>