This module exports generic definitions for Wai-authentication pipelines
requireLoginMiddleware looks for the
header from an
Response and, if present, responds to
the user with an authentication request instead of the
response (e.g., a redirect to a login page or an HTTP response with
Additionally, this module exports authentication
Middlewares for basic HTTP
devBasicAuth, (useful in development environments)
and federated (OpenID) authentication,
openIdAuth. In general,
Middlewares are expected to set the
header on the request if it is from an authenticated user.
Executes the app and if the app
Response has header
X-Hails-Login and the user is not logged in, respond with an
authentication response (Basic Auth, redirect, etc.)
Authentica user with Mozilla's persona.
X-Hails-Persona-Login header is set, this intercepts the
request and verifies the supplied identity assertion, supplied in the
If the authentication is successful, set the
_hails_user_hmac cookies to identify the user. The former
contains the user email address, the latter contains the MAC that is
used for verifications in later requests.
X-Hails-Persona-Logout header is set, this intercepts the
request and deletes the aforementioned cookies.
If the app wishes the user to authenticate (by setting
this redirects to
audience/login -- where the app can call
Authenticate with external app
Use an external authentication service that sets cookies.
The cookie names are
_hails_user, whose contents contains the
_hails_user_hmac, whose contents contains
HMAC-SHA1(user-name). This function simply checks that the cookie
exists and the MAC'd user name is correct. If this is the case, it
returns a request with the cookie removed and
set. Otherwies the original request is returned.
The login service retuns a redirect (to the provided url).
_hails_refer$ is set to the current