A tiny module used to verify SecureLogin tokens
MIT License
A tiny module used to verify SecureLogin tokens.
For a more complete and high-level module, try using passport-securelogin.
npm install securelogin --save
const SecureLogin = require('securelogin');
const sltoken = 'https%3A%2F%2Fmy.app%252Chttps%3A%2F%2Fmy.app%2Fsecurelogin%252C%252C1496586322%2C2YNnncbnq7won%2B13AzJJqeBRREA9CTjYq%2FDwuGQAGy8LaQGnuH6OE10oLxV4kgJJhflnqdu0qY8bBC08v969Cg%3D%3D%252C%2Fbf0P0dBdDcQlak07UZpR4YnzPc2qw40jCSz1NAuw%2Bs%3D%2Ckdbjcc08YBKWdCY56lQJIi92wcGOW%2BKcMvbSgHN6WbU%3D%252C1uP20QU%2BWYvFf1KAxn3Re0ZYd2pm5vLdQhgkXTCjl44%3D%2Chomakov%40gmail.com';
SecureLogin.verify(decodeURIComponent(sltoken), {
origins: 'https://my.app/',
ignoreExpiration: true
});
/**
* { email: '[email protected]',
* message:
* { _raw: 'https://my.app,https://my.app/securelogin,,1496586322',
* provider: 'https://my.app',
* client: 'https://my.app/securelogin',
* scope: { _raw: '' },
* expiration: '1496586322' },
* signatures:
* { signature: '2YNnncbnq7won+13AzJJqeBRREA9CTjYq/DwuGQAGy8LaQGnuH6OE10oLxV4kgJJhflnqdu0qY8bBC08v969Cg==',
* hmac: '/bf0P0dBdDcQlak07UZpR4YnzPc2qw40jCSz1NAuw+s=' },
* authkeys:
* { public: 'kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=',
* secret: '1uP20QU+WYvFf1KAxn3Re0ZYd2pm5vLdQhgkXTCjl44=' } }
*/
sltoken
- A SecureLogin tokenParses a SecureLogin token and returns an object with the token's contents.
Example return data:
{
email: '[email protected]',
message: {
_raw: 'http://localhost:3001,http://localhost:3001,,4651339663',
provider: 'http://localhost:3001',
client: 'http://localhost:3001',
scope: { _raw: '' },
expiration: '4651339663'
},
signatures: {
signature: 'gjs+D1dTCf8FFHWmQizu7Nlt9uVm4jRhEG3J96gzktGKj5IkQcOb+qkJyTEBt9LY99pqqNrtKwxXNrlRyvocAA==',
hmac: 'UNKOGVd/odZL071ic8sGijtAuBF6Jc262nSAI4O+El4='
},
authkeys: {
public: 'FPS/onjSa0ojlSzp9zXEiot5MgZcMwXR0sAIdgJMxaE=',
secret: 'bruQ61utUBPay5QJ6Rity4S6AW+sma4NTt+7udhMveM='
}
}
sltoken
- A SecureLogin tokenoptions
- (optional) An object containing zero or more options
origins
- A string or array of strings containing acceptableignoreProvider
- Ignore provider domain nameignoreClient
- Ignore client domain nameignoreExpiration
- Ignore the token expiration dateVerifies a SecureLogin token and, if successful, returns the parsed object (see
parse
method above). If unsuccessful, returns an object
with the errors
property, an array of errors that occurred while parsing the
token.