SuperTest

Auth分类

Basic:基本身份认证,直接采用:用户名密码

  • 基本用法

    1
    2
    3
    4
    5
    6
    it('should receive a status code of 200 with login', function(done) {
    request(url)
    .get('/staging')
    .auth('the-username', 'the-password')
    .expect(200, done);
    });
  • Base64加密

1
.set("Authorization", "basic " + new Buffer("username:password").toString("base64"))

Digest:摘要式身份认证

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
request.get('http://some.server.com/').auth('username', 'password', false);
// or
request.get('http://some.server.com/', {
'auth': {
'user': 'username',
'pass': 'password',
'sendImmediately': false
}
});
// or
request.get('http://some.server.com/').auth(null, null, true, 'bearerToken');
// or
request.get('http://some.server.com/', {
'auth': {
'bearer': 'bearerToken'
}
});

OAuth Authentication

  • 例子
1
2
3
4
5
6
7
8
9
10
11
12
13
14
var OAuth = require('openauth');
var request = require('superagent');

require('superagent-openauth')(request);

var oauth = new OAuth(consumerKey, consumerSecret, {...});

request.post('https://api.twitter.com/1.1/statuses/update.json')
.sign(oauth, token, tokenSecret)
.type('urlencoded')
.send({status: 'hello world'})
.end(function(res) {
console.log(res.status, res.body);
});
  • OAuth 1
1
request.sign(oauth, token, secret);

oauth: OAuth instance token: string access token secret: string access token secret

  • OAuth 2
1
request.sign(oauth, token);

oauth: OAuth2 instance token: string access token

Kerberos

  • 完成二次认证交互,第三次再进行业务交互。传输过程中没有密码
  • 示意图

参考资料