Proposed fix for challenge / response #489
Conversation
|
To facilitate a discussion of what the best approach to this is, could you link to a strategy that uses this proposed capability? Sent from my iPhone
|
|
An example strategy is here: Note that Chrome and Firefox are shipping WebAuthn around May -- it would be great to have a solution for this by then. |
|
@jaredhanson now that WebAuthn is taking off, I'm dusting off this old PR. Any thoughts about adding a |
| "version": "0.3.2", | ||
| "version": "0.3.3", |
There was a problem hiding this comment.
I don't think it is your task to update package.json.
|
Hi, first of thanks a lot for passport i love using it and i would love to see #488 merged and as @apowers313 pointed out this is the only thing that is left for it to be merged and this is already 4 years old. Is there some actual concern with this change? For me it doesn't seem like other parts could be affected by this change (because it adds a new function) and with ~143 bytes (gzipped, ) excluding spaces it would only add 224 bytes (without comments and spaces) or 124 bytes (gzipped and minified) which seems really reasonable for such a great benefit of being able to use U2F/hardware tokens with Passport |
|
I'm reviving this thread with a comment on the original issue: #488 (comment) Please send me your feedback by continuing the discussion there. Thanks! |
This pull request adds a new strategy augmentation similar to
strategy.pass()andstrategy.fail()that is intended to support challenge / response type authentication protocols as mentioned in #488 . The new method isstrategy.raw(), which is roughly the same asres.send(). It supports options forres.json(),res.type()andres.status()since those seem like those would be the most useful features to people.