auth-header

WebJar for auth-header

License

License

GroupId

GroupId

org.webjars.npm
ArtifactId

ArtifactId

auth-header
Last Version

Last Version

1.0.0
Release Date

Release Date

Type

Type

jar
Description

Description

auth-header
WebJar for auth-header
Project URL

Project URL

http://webjars.org
Source Code Management

Source Code Management

https://github.com/izaakschroeder/auth-header

Download auth-header

How to add to project

<!-- https://jarcasting.com/artifacts/org.webjars.npm/auth-header/ -->
<dependency>
    <groupId>org.webjars.npm</groupId>
    <artifactId>auth-header</artifactId>
    <version>1.0.0</version>
</dependency>
// https://jarcasting.com/artifacts/org.webjars.npm/auth-header/
implementation 'org.webjars.npm:auth-header:1.0.0'
// https://jarcasting.com/artifacts/org.webjars.npm/auth-header/
implementation ("org.webjars.npm:auth-header:1.0.0")
'org.webjars.npm:auth-header:jar:1.0.0'
<dependency org="org.webjars.npm" name="auth-header" rev="1.0.0">
  <artifact name="auth-header" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.webjars.npm', module='auth-header', version='1.0.0')
)
libraryDependencies += "org.webjars.npm" % "auth-header" % "1.0.0"
[org.webjars.npm/auth-header "1.0.0"]

Dependencies

There are no dependencies for this project. It is a standalone project that does not depend on any other jars.

Project Modules

There are no modules declared in this project.

auth-header

Deal with obscene HTTP Authorization and WWW-Authenticate headers.

build status coverage license version downloads

Type Parse Format
Basic
Digest
AWS
Bearer/OAuth
RFC7235

Note: If you're looking for an all-on-one solution to do authentication against these headers check out express-authentication-header which uses this library behind the scenes.

The HTTP Authorization and WWW-Authenticate family of headers are both pretty nightmareish; there has been, up until recently, no wide consensus about how they should be formatted and so parsing them is lots of fun if fun is pulling your hair out.

This library provides an implementation of RFC7235 which allows for the parsing of many known existing authorization headers (like Basic and Digest) as well as any future ones which follow the standard. Noteably, this library is less strict than it could be to parse some of these legacy formats.

In addition to the format of the header itself being in flux, WWW-Authenticate has its own nasty surprise: sometimes multiple authentication prompts can appear in one header, sometimes they can appear in multiple headers; we ONLY support the latter case since trying to disambiguate between a second prompt and parameters for the first is just about impossible.

import * as authorization from 'auth-header';
import express from 'express';

const app = express();

app.get('/', function(req, res) {

	// Something messed up.
	function fail() {
		res.set('WWW-Authenticate', authorization.format('Basic'));
		res.status(401).send();
	}

	// Get authorization header.
	var auth = authorization.parse(req.get('authorization'));

	// No basic authentication provided.
	if (auth.scheme !== 'Basic') {
		return fail();
	}

	// Get the basic auth component.
	var [un, pw] = Buffer(auth.token, 'base64').toString().split(':', 2);

	// Verify authentication.
	if (pw !== 'admin') {
		return fail();
	}

	// We've reached the promise land.
	res.send('Hello world.');
});

Versions

Version
1.0.0