Code Monkey home page Code Monkey logo

passport-sqrl's People

Contributors

dependabot[bot] avatar erikmav avatar sesam avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

yukuansong sesam nguyendoanh99 chicago-jr-devs

passport-sqrl's Issues

Support same-IP detection with encrypted nut implementation

The current default implementation of nut generation uses a cryptographic pseudo-random number generator. The SQRL spec allows for this but also recommends the server implement a deeper scheme that creates a 128-bit structure and encrypt it using a server secret. This blob can contain an IPv4 or 32 bits of a hash of an IPv6, along with other information. On return of the nut to the server, the server and decrypt the nut and determine that the nut is not too old, and set a TIF flag in its next response indicating to the SQRL client whether IP that retrieved the nut is the same as the one that returned it to the server.

This feature will require at minimum a static server secret (e.g. a passphrase) to feed the encryption key. More ideally the secret and key should vary over time, updating once in awhile, with the server attempting to decrypt from two or more recent keys.

Add support for SQRL remove API

Version 0.1.0 does not include support for the SQRL remove command.

  • Add API support and needed updates to ISQRLIdentityStorage
  • Add MockSqrlClient support
  • Add pure unit tests
  • Add integration tests
  • Update documentation and push new package version.

feat(README): make it easier to get started

Maybe it's just me not being a passport.js ninja (yet..) but I read the explanation under ##Using ... and looked at the code, and I feel like there is some info missing. If someone has this figured, maybe a screencast that shows the integration points and a sentence or two about the integration steps?

Add support for SQRL disable and enable

Version 0.1.0 does not include support for enable+disable.

  • Add API support
  • Add needed interface updates for ISQRLIdentityStorage
  • Add support in the MockSqrlClient
  • Add pure unit tests
  • Add integration tests
  • Update documentation and push new package version.

feat(README): add info about SQRL compatibility target

Some changes to the SQRL protocol happened recently (sometime Jan-Feb?) that forces all clients to upgrade. And such changes might happen again.

It would be awesome if the README could somehow clarify its compatibility level.

Maybe the SQRL protocol has some kind of version numbers?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.