# @squeep/authentication-module

Common session-based authentication routines, page templates, and management handlers.

Specific to Squeep Framework Applications, this module has strong opinions and makes many assumptions.

Supports IndieAuth profile identifiers and database-backed user identifiers.

## API

### Authenticator

Class which fetches and validates identifiers and their credentials from the database.

There are some methods for dealing with Basic auth in here as well, but they are not used by sessions.

- `sessionRequiredLocal` redirects to login if session does not represent a valid local user
- `sessionRequired` redirects to login if session does not represent a valid local user or IA profile
- `sessionOptionalLocal` checks if session represents a valid local user
- `sessionOptional` checks if session represents a valid local user or IA profile

If the session is valid for any of these, `ctx.session` will be populated appropriately.

- `ctx.authenticatedId` will be set to either the valid local identifier or the valid profile
- `ctx.session.authenticatedIdentifier` will be set if valid local identifier
- `ctx.session.authenticatedProfile` will be set if valid IA profile

### SessionManager

Class providing service handler functions for rendering and processing session login and logout pages.

- `getAdminLogin` renders the HTML login form
- `postAdminLogin` ingests login form data, either validating or denying
  for local users, or redirecting to IndieAuth server and persisting transient state
  in session cookie.
- `getAdminIA` interprets the returning redirect from the IndieAuth server.

### Other Notes

The logger used should be able to mask the `ctx.parsedBody.credential` context field.
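
One way a logger can meet this requirement, shown as an added example that is not this module's or the Squeep logger's own code. The `createLogger` factory, its `(scope, message, data)` call shape, the `[masked]` placeholder and the sample context are all assumptions made for illustration.

```javascript
'use strict';

// The README names this field; paths are relative to the logged data object.
const MASKED_PATHS = ['ctx.parsedBody.credential'];
const MASK = '[masked]';

// Return a copy of `data` with the value at dotted `path` replaced by MASK.
// Only objects along the path are copied, so the live ctx that the login
// handler still needs is never mutated.
function maskPath(data, path) {
  const [key, ...rest] = path.split('.');
  if (data === null || typeof data !== 'object' || !(key in data)) {
    return data; // path absent (e.g. a request with no parsedBody): nothing to do
  }
  const copy = Array.isArray(data) ? [...data] : { ...data };
  copy[key] = rest.length ? maskPath(data[key], rest.join('.')) : MASK;
  return copy;
}

function sanitize(data, paths = MASKED_PATHS) {
  return paths.reduce((acc, path) => maskPath(acc, path), data);
}

// Hypothetical logger factory: every level sanitizes before serializing.
function createLogger(write = console.log) {
  const emit = (level) => (scope, message, data = {}) =>
    write(JSON.stringify({ level, scope, message, data: sanitize(data) }));
  return { debug: emit('debug'), info: emit('info'), error: emit('error') };
}

// Constructed sample: context as it might look while handling a login POST.
function demo() {
  const lines = [];
  const logger = createLogger((line) => lines.push(line));
  const ctx = {
    requestId: 'example-request',
    parsedBody: { identifier: 'admin', credential: 'constructed-secret' },
  };
  logger.debug('postAdminLogin', 'processing login', { ctx });
  return { line: lines[0], ctx };
}

console.log(demo().line);
```

Masking on a copy matters here because the same `ctx` object is still in use by the login handler when the log call is made.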