LinusU / secure-remote-password

A modern SRP implementation for Node.js and Web Browsers

QUESTION: Current Users ? #2

Open alexgoldstone opened 6 years ago

alexgoldstone commented 6 years ago

Since this is a relatively new implementation, I am just wondering if it is in use anywhere yet?

LinusU commented 6 years ago

I'm currently using it in a product that is in private testing right now, but apart from that I don't think that anyone is using it.

I would love for the Node.js community to have a stable implementation of SRP that's easy to use, and my ambition is that this module will become that module. But since this is very new there is still a long way to go.

It would be awesome to get some company involved with Node.js security (Lyft, nsp, Snyk?) to do a proper audit of the source code, but at the moment I don't personally have the funds to get that going. But maybe someone would be willing to donate some time to an open source library :)

I'll probably reach out to them when I'm happy with the external API, which I hope to happen quite soon. At that point I would also tag some kind of 1.x version (maybe 1.0.0-rc.1 at first, and 1.0.0 after an audit)

Open to any ideas! 😄

abhijithvijayan commented 5 years ago

@LinusU I am trying to implement this authentication in https://github.com/onepassapp/onepass

Implemented it till the last verify session.

[Screenshot attached: 2019-06-30 15-30-31]

Could you clarify some doubts?

The whole code is wrapped in a try-catch, so do I need to put a special condition to check if the session was verified successfully?

I need to dispatch the action followed by the function which updates state from isAuthenticated: false to true

abhijithvijayan commented 5 years ago

Also, I was wondering how the following requests after login would be carried out.

Maybe using a JWT token or something would be perfect right?

The last step is optional, right? If that is the case, is it okay to transfer a JWT token along with it?

LinusU commented 5 years ago

> The whole code is wrapped in a try-catch, so do I need to put a special condition to check if the session was verified successfully?

Then you should be good to go 👍

> Maybe using a JWT token or something would be perfect right?

That should work great 👍

> The last step is optional right?

Not sure what you mean here, there are no optional steps 🤔

abhijithvijayan commented 5 years ago

@LinusU Thanks for getting back to me, does this package require updates or something?

@onepassapp completely relies on this package for authentication (uses pbkdf2)

Also, is it necessary to generate the salt using the saltGen function provided with this package?

I used node-forge for that. All it requires is a 32-byte random string, right?