@artsy/passport-local-with-otp
Local username, password and otp authentication strategy for Passport.
Last updated 3 months ago by artsy-engineering .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install @artsy/passport-local-with-otp 
SYNC missed versions from official npm registry.

passport-local-with-otp Artsy

Passport strategy for authenticating with a username, password and OTP.

This module lets you authenticate using a username, password and time-based one-time password (OTP) in your Node.js applications.

This is a fork of https://github.com/jaredhanson/passport-local, adapted for the use case of submitting username, password and otp in unison to an upstream server for authentication and second-factor verification in a single request.

Meta

Install

$ yarn add passport-local-with-otp

Usage

Configure Strategy

The local-with-otp authentication strategy authenticates users using a username password, and otp. The strategy requires a verify callback, which accepts these credentials and calls done providing a user.

passport.use(new LocalWithOtpStrategy(
  function(username, password, otp, done) {
    try {
      const user = authenticateWithUpstreamService(username, password, otp)
      return done(null, user)
    } catch (error) {
      return done(err)
    }
  }
));
Available Options

This strategy takes an optional options hash before the function, e.g. new LocalWithOtpStrategy({/* options */, callback}).

The available options are:

  • usernameField - Optional, defaults to 'username'
  • passwordField - Optional, defaults to 'password'
  • otpField - Optional, defaults to 'otp'

Both fields define the name of the properties in the POST body that are sent to the server.

Parameters

By default, **Local**WithOtpStrategy expects to find credentials in parameters named username, password and otp. If your site prefers to name these fields differently, options are available to change the defaults.

passport.use(new LocalWithOtpStrategy({
    usernameField: 'email',
    passwordField: 'passwd',
    otpField: 'otp_attempt',
    session: false
  },
  function(username, password, done) {
    // ...
  }
));

When session support is not necessary, it can be safely disabled by setting the session option to false.

The verify callback can be supplied with the request object by setting the passReqToCallback option to true, and changing callback arguments accordingly.

passport.use(new LocalWithOtpStrategy({
    usernameField: 'email',
    passwordField: 'passwd',
    otpField: 'otp_attempt',
    passReqToCallback: true,
    session: false
  },
  function(req, username, password, done) {
    // request object is now first argument
    // ...
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'local-with-otp' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/login',
  passport.authenticate('local', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });

Examples

Developers using the popular Express web framework can refer to an example as a starting point for their own web applications.

License

The MIT License

Copyright (c) 2011-2015 Jared Hanson <http://jaredhanson.net/>

Current Tags

  • 0.3.1                                ...           latest (3 months ago)

2 Versions

  • 0.3.1                                ...           3 months ago
  • 0.3.0                                ...           3 months ago
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 0
Dependencies (1)
Dev Dependencies (6)
Dependents (1)

Copyright 2014 - 2017 © taobao.org |