erikmav / passport-sqrl Goto Github PK
View Code? Open in Web Editor NEWNode.js + ExpressJS + PassportJS implementation of the Secure Quick Reliable Login protocol from Gibson Research
License: MIT License
Node.js + ExpressJS + PassportJS implementation of the Secure Quick Reliable Login protocol from Gibson Research
License: MIT License
The current default implementation of nut generation uses a cryptographic pseudo-random number generator. The SQRL spec allows for this but also recommends the server implement a deeper scheme that creates a 128-bit structure and encrypt it using a server secret. This blob can contain an IPv4 or 32 bits of a hash of an IPv6, along with other information. On return of the nut to the server, the server and decrypt the nut and determine that the nut is not too old, and set a TIF flag in its next response indicating to the SQRL client whether IP that retrieved the nut is the same as the one that returned it to the server.
This feature will require at minimum a static server secret (e.g. a passphrase) to feed the encryption key. More ideally the secret and key should vary over time, updating once in awhile, with the server attempting to decrypt from two or more recent keys.
ed25519
does not work with node 12.
Version 0.1.0 does not include support for the SQRL remove command.
Maybe it's just me not being a passport.js ninja (yet..) but I read the explanation under ##Using ... and looked at the code, and I feel like there is some info missing. If someone has this figured, maybe a screencast that shows the integration points and a sentence or two about the integration steps?
Version 0.1.0 does not include support for enable+disable.
Some changes to the SQRL protocol happened recently (sometime Jan-Feb?) that forces all clients to upgrade. And such changes might happen again.
It would be awesome if the README could somehow clarify its compatibility level.
Maybe the SQRL protocol has some kind of version numbers?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.