diff --git a/Documentation/Books/Users/FoxxBundledApps/SimpleAuth.mdpp b/Documentation/Books/Users/FoxxBundledApps/SimpleAuth.mdpp index 11d5fa34ee..92b2cf8827 100644 --- a/Documentation/Books/Users/FoxxBundledApps/SimpleAuth.mdpp +++ b/Documentation/Books/Users/FoxxBundledApps/SimpleAuth.mdpp @@ -1,3 +1,41 @@ !CHAPTER The Simple Authentication App -WRITEME \ No newline at end of file +The simple auth app provides hashed password-based authentication with automatically generated salts and constant-time password verification. + +*Configuration* + +* *saltLength* (optional): length of newly generated salts. Default: *16*. +* *hashMethod* (optional): hash algorithm to use. Supported values: *sha1*, *sha224*, *sha256*, *md5*. Default: *"sha256"*. + +```js +var auth = Foxx.requireApp('/_auth').auth; +``` + +!SECTION Generate an authentication object + +Generates an authentication object for a given password. + +`auth.hashPassword(password)` + +Returns an authentication object with the following properties: + +* *hash*: the generated hex-encoded hash. +* *salt*: the salt used to generate the hash. +* *method*: the algorithm used to generate the hash. + +*Parameter* + +* *password*: the password to hash. + +!SECTION Verify a password + +Verifies a password against a given authentication object. + +`auth.verifyPassword(authData, password)` + +Generates a hash for the given password using the *salt* and *method* stored in the authentication object and performs a constant time string comparison on them. Returns *true* if the password is valid or *false* otherwise. + +*Parameter* + +* *authData*: an authentication object. +* *password*: a password to verify. \ No newline at end of file