Authentication

    Authenticators allow implementing basic password mechanism using simple built-in hashing functions.

    createAuth([options]): Authenticator

    Creates an authenticator.

    Arguments

    • options: Object (optional)

      An object with the following properties:

      • method: string (Default: "sha256")

        The hashing algorithm to use to create password hashes. The authenticator will be able to verify passwords against hashes using any supported hashing algorithm. This only affects new hashes created by the authenticator.

        Supported values:

        • "md5"
        • "sha224"
        • "sha384"
        • "sha512"
        • "pbkdf2"

        Note: PBKDF2 is more secure but also takes considerably more resources to compute, which will impact ArangoDB performance, especially when verifying/hashing multiple passwords at a time. If you need a secure authentication mechanism consider performing authentication outside the database or using a third-party identity provider that supports OAuth 1.0a or .

      • saltLength: number (Default: 16)

        Also used as the key length for PBKDF2.

    Returns an authenticator.

    Creates an authentication data object for the given password with the following properties:

    • method: string

      The method used to generate the hash.

    • salt: string

      A random salt used to generate this hash.

    • The hash string itself.

    Arguments

    • password: string

      A password to hash.

    Returns the authentication data object.

    auth.verify([hash, [password]]): boolean

    Verifies the given password against the given hash using a constant time string comparison.

    Arguments

    • hash: AuthData (optional)

      A authentication data object generated with the create method.

    • password: string (optional)

    Returns if the hash matches the given password. Returns false otherwise.