Awesome
Node SecureLogin
A tiny module used to verify SecureLogin tokens.
For a more complete and high-level module, try using passport-securelogin.
Installation
npm install securelogin --save
Usage
const SecureLogin = require('securelogin');
const sltoken = 'https%3A%2F%2Fmy.app%252Chttps%3A%2F%2Fmy.app%2Fsecurelogin%252C%252C1496586322%2C2YNnncbnq7won%2B13AzJJqeBRREA9CTjYq%2FDwuGQAGy8LaQGnuH6OE10oLxV4kgJJhflnqdu0qY8bBC08v969Cg%3D%3D%252C%2Fbf0P0dBdDcQlak07UZpR4YnzPc2qw40jCSz1NAuw%2Bs%3D%2Ckdbjcc08YBKWdCY56lQJIi92wcGOW%2BKcMvbSgHN6WbU%3D%252C1uP20QU%2BWYvFf1KAxn3Re0ZYd2pm5vLdQhgkXTCjl44%3D%2Chomakov%40gmail.com';
SecureLogin.verify(decodeURIComponent(sltoken), {
origins: 'https://my.app/',
ignoreExpiration: true
});
/**
* { email: 'homakov@gmail.com',
* message:
* { _raw: 'https://my.app,https://my.app/securelogin,,1496586322',
* provider: 'https://my.app',
* client: 'https://my.app/securelogin',
* scope: { _raw: '' },
* expiration: '1496586322' },
* signatures:
* { signature: '2YNnncbnq7won+13AzJJqeBRREA9CTjYq/DwuGQAGy8LaQGnuH6OE10oLxV4kgJJhflnqdu0qY8bBC08v969Cg==',
* hmac: '/bf0P0dBdDcQlak07UZpR4YnzPc2qw40jCSz1NAuw+s=' },
* authkeys:
* { public: 'kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=',
* secret: '1uP20QU+WYvFf1KAxn3Re0ZYd2pm5vLdQhgkXTCjl44=' } }
*/
API Reference
parse(sltoken)
sltoken
- A SecureLogin token
Parses a SecureLogin token and returns an object with the token's contents.
Example return data:
{
email: 'example@email.com',
message: {
_raw: 'http://localhost:3001,http://localhost:3001,,4651339663',
provider: 'http://localhost:3001',
client: 'http://localhost:3001',
scope: { _raw: '' },
expiration: '4651339663'
},
signatures: {
signature: 'gjs+D1dTCf8FFHWmQizu7Nlt9uVm4jRhEG3J96gzktGKj5IkQcOb+qkJyTEBt9LY99pqqNrtKwxXNrlRyvocAA==',
hmac: 'UNKOGVd/odZL071ic8sGijtAuBF6Jc262nSAI4O+El4='
},
authkeys: {
public: 'FPS/onjSa0ojlSzp9zXEiot5MgZcMwXR0sAIdgJMxaE=',
secret: 'bruQ61utUBPay5QJ6Rity4S6AW+sma4NTt+7udhMveM='
}
}
verify(sltoken[, options])
sltoken
- A SecureLogin tokenoptions
- (optional) An object containing zero or more optionsorigins
- A string or array of strings containing acceptable client/provider domain(s)ignoreProvider
- Ignore provider domain nameignoreClient
- Ignore client domain nameignoreExpiration
- Ignore the token expiration date
Verifies a SecureLogin token and, if successful, returns the parsed object (see
parse
method above). If unsuccessful, returns an object
with the errors
property, an array of errors that occurred while parsing the
token.