I am developing a website using node.js as the server.
I want to create a challenge-based authentication logic.
The idea is that the client doesn't send the password to the server, but when he is trying to authenticate to the server, the server sends to the client a message to encrypt in the right way. The client sends the encrypted message and the server compares the sent message with the encrypted message. If the two messages are equal then the client is authenticated; otherwise he isn't.
I want to create this logic in node.js. Does someone know how to do it?
Is there a framework that could help me to do it?
Best regards,
Andrea

Andrea Fresa
Use `jwt` authentication – Ramesh S Apr 09 '19 at 06:19
1 Answer
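As per your question, you want to use some authentication. Try this: use JWT authentication.

```
npm install jsonwebtoken
```

Some example code:

```js
var jwt = require('jsonwebtoken');

// Runs inside a route handler: `res` is the HTTP response, `userDetails` the user's data.
// Create token ('secret_key' is a placeholder; load the real key from configuration)
jwt.sign(userDetails, 'secret_key', (err, token) => {
  if (err) return res.status(500).json({ status: "error", resCode: 500 });
  res.status(200).json({ status: "success", resCode: 200, token: token }); // send this token to the user
});

// Validate token
jwt.verify(token, 'secret_key', (err, decoded) => {
  if (err) return console.error(err.message); // bad signature, malformed or expired token
  console.log(decoded); // the payload that was signed (userDetails)
});
```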

Ramesh S
It seems like JWT creates a sort of session with JSON Token after the login process. The login is always made with user and pwd sent as plain text from client to server. What if I want that my client doesn't send the password? The idea is that the server has to send a message that the client has to encrypt correctly. Then the encrypted message is sent back to the server. If the encryption is correct then he is logged in. – Andrea Fresa Apr 09 '19 at 07:10
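
The challenge-response login described in the question, sketched with Node's built-in `crypto` module as an added example that is not part of the original posts. The function names, the in-memory stores and the 30-second challenge lifetime are assumptions made for illustration, and the client answers with an HMAC over a random nonce rather than an encryption of it.

```javascript
// Added example: HMAC challenge-response login. All names below are hypothetical.
const crypto = require('crypto');

const users = new Map();    // username -> { salt, key }       (constructed in-memory store)
const pending = new Map();  // username -> { nonce, expires }  (outstanding challenges)
const CHALLENGE_TTL_MS = 30000;

// Client and server derive the same key from the password and a per-user salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Registration: the server keeps the salt and the derived key, not the password.
function register(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, key: deriveKey(password, salt) });
}

// Step 1 (server): issue a fresh random challenge, valid once and only briefly.
function issueChallenge(username, now = Date.now()) {
  const user = users.get(username);
  if (!user) return null;
  const nonce = crypto.randomBytes(32);
  pending.set(username, { nonce, expires: now + CHALLENGE_TTL_MS });
  return { salt: user.salt, nonce };
}

// Step 2 (client): answer with HMAC-SHA256(key, nonce); the password never leaves the client.
function clientRespond(password, { salt, nonce }) {
  return crypto.createHmac('sha256', deriveKey(password, salt)).update(nonce).digest();
}

// Step 3 (server): recompute the expected answer and compare in constant time.
function verifyResponse(username, response, now = Date.now()) {
  const user = users.get(username);
  const challenge = pending.get(username);
  pending.delete(username); // single use, so a captured response cannot be replayed
  if (!user || !challenge || now > challenge.expires) return false;
  const expected = crypto.createHmac('sha256', user.key).update(challenge.nonce).digest();
  return Buffer.isBuffer(response) && response.length === expected.length &&
    crypto.timingSafeEqual(response, expected);
}
```

In this simple form the stored key is password-equivalent: anyone who reads the server's user store can answer challenges, which is the weakness SCRAM (RFC 5802) is designed to avoid. The exchange still needs TLS so the registration step and the resulting session are protected.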