Authentication

Authenticators allow implementing basic password mechanism using simplebuilt-in hashing functions.

createAuth([options]): Authenticator

Creates an authenticator.

Arguments

An object with the following properties:

method: string (Default: "sha256")

The hashing algorithm to use to create password hashes.The authenticator will be able to verify passwords against hashes usingany supported hashing algorithm. This only affects new hashes createdby the authenticator.

Supported values:

Note: PBKDF2 is more secure but also takes considerably more resources to compute, which will impact ArangoDB performance, especially when verifying/hashing multiple passwords at a time. If you need a secure authentication mechanism consider performing authentication outside the database or using a third-party identity provider that or OAuth 2.0.

saltLength: number (Default: )

Also used as the key length for PBKDF2.

workFactor: number (Default: 1)

Can be used to scale the number of iterations for PBKDF2 hashes,lower means faster, higher means slower.

Note that when using PBKDF2 the number of iterations will be automaticallyscaled based on the number of milliseconds elapsed since 1 January 2000,the work factor can be used to adjust the result further as needed.

Returns an authenticator.

auth.create(password): AuthData

Creates an authentication data object for the given password with thefollowing properties:

The method used to generate the hash.

salt: string

A random salt used to generate this hash.

hash:

Arguments

password: string

A password to hash.

Returns the authentication data object.

auth.verify([hash, [password]]): boolean

Verifies the given password against the given hash using a constant timestring comparison.

Arguments

A authentication data object generated with the create method.

password: string (optional)

A password to verify against the hash.