SuperTest

Auth分类

Basic:基本身份认证,直接采用:用户名密码

  • 基本用法
1
2
3
4
5
6
it('should receive a status code of 200 with login', function(done) {
    request(url)
        .get('/staging')
        .auth('the-username', 'the-password')
        .expect(200, done);
});
  • Base64加密
1
.set("Authorization", "basic " + new Buffer("username:password").toString("base64"))

Digest:摘要式身份认证

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
request.get('http://some.server.com/').auth('username', 'password', false);
// or
request.get('http://some.server.com/', {
  'auth': {
    'user': 'username',
    'pass': 'password',
    'sendImmediately': false
  }
});
// or
request.get('http://some.server.com/').auth(null, null, true, 'bearerToken');
// or
request.get('http://some.server.com/', {
  'auth': {
    'bearer': 'bearerToken'
  }
});

OAuth Authentication

  • 例子
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
var OAuth = require('openauth');
var request = require('superagent');

require('superagent-openauth')(request);

var oauth = new OAuth(consumerKey, consumerSecret, {...});

request.post('https://api.twitter.com/1.1/statuses/update.json')
  .sign(oauth, token, tokenSecret)
  .type('urlencoded')
  .send({status: 'hello world'})
  .end(function(res) {
    console.log(res.status, res.body);
  });
  • OAuth 1
1
request.sign(oauth, token, secret);

oauth: OAuth instance token: string access token secret: string access token secret

  • OAuth 2
1
request.sign(oauth, token);

oauth: OAuth2 instance token: string access token

Kerberos

  • 完成二次认证交互,第三次再进行业务交互。传输过程中没有密码
  • 示意图

参考资料