passport-client-certificate

Passport strategy for authenticating using client certificates.

This module lets you authenticate using client certificates in Node.js applications. Client certificate authentication can be added any application or framework that supports Connect-style middleware, including Express. Optionally, using koa-passport it can be integrated into Koa

Install

$ npm install passport-client-certificate

Usage

Configure Strategy

The client cert authentication strategy authenticates requests based on the client certificate credentials submitted in the TLS handshake

Applications must supply a verify callback which accepts the client certificate. It then calls the done callback supplying a user. User should be set to false if the credentials are not valid. If an exception occured, err should be set.

Options: - passReqToCallback when true, req is the first argument to the verify callback (default: false)

Examples:

  passport.use(new ClientCertStrategy(
    function (certificate, done) {
      if (!config.auth.client_certificates_enabled) {
        return done(new UnauthorizedError('Unsupported authentication method'))
      }

      const fingerprint = clientCert.fingerprint.toUpperCase()
      Account.findByFingerprint(fingerprint)
        .then(function (userObj) {
          if (!userObj || userObj.is_disabled || userObj.fingerprint !== fingerprint) {
            return done(new UnauthorizedError('Unknown or invalid account'))
          }
          done(null, userObj)
        })
    }))

Authenticate Requests

Use passport.authenticate(), specifying the 'client-cert' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/login',
  passport.authenticate('client-cert', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });

Tests

$ npm install
$ npm test

Credits

Setting up certificates for the test application is based on https://github.com/anders94/https-authorized-clients/.