artnum/menshen

Authentication

Maintainers

Details

github.com/artnum/Menshen

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Open Issues: 0

Language:JavaScript

v1.0.0 2021-10-04 09:08 UTC

Requires

MIT 80e657620435bcbfe01e04138703f8e514278bda

Authentication

This package is auto-updated.

Last update: 2025-01-04 16:26:13 UTC

README

Authentication mechanism for the web using private/public key pair.

Stateless

This mechanism is not meant to provide a secure session, only authenticated request. The client use the HTTP header Authorization to add relevant information about the signature. Signature are RSA-PSS, most parameters can be tuned by the client. The server handle only a "client id" and the associate public key.

Privacy

The client never need to share the private key with the server. The client handle its private key as it sees fit.$

Simple

As the server just need to hash some header and verify it against a given signature, it can be added easly on almost anything without too much modification. As the private key can be in a file, embbed in an URL or a QR Code, it can provide a password-less experience for the user. Once the user register, he received a link with embbed private key. On the first log in, a new pair is generated, the public key is sent to the server, the private one is stored in the IndexedDB of the navigator and a quite secure authentication is set. A password on the private key can be, of course, set for added security.