Top Related Projects
INACTIVE - HTTP Holder-Of-Key Authentication Scheme
JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
Open Source Identity and Access Management For Modern Applications and Services
Quick Overview
Hawk is an HTTP authentication scheme developed by Mozilla. It provides a method for making authenticated HTTP requests with partial cryptographic verification of the request, without requiring the client to send the full credentials on every request.
Pros
- Improved security compared to basic auth, as it doesn't send passwords with each request
- Supports both server and client-side implementations
- Includes protection against replay attacks and request tampering
- Can be used with various hashing algorithms (SHA256, SHA1, MD5)
Cons
- More complex to implement than basic auth
- Requires careful time synchronization between client and server
- May have performance overhead due to cryptographic operations
- Less widely supported compared to other auth schemes like OAuth
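The replay protection, tamper detection and clock-synchronization points above can be seen in a short sketch. This is an added example, not code from the Hawk repository: it is a simplified Hawk-style MAC built on Node's crypto module, and the helper names (normalized, mac, makeVerifier, demo), the 60-second skew window and all sample values are assumptions made for the illustration.

```javascript
// Added illustration (not the hawk library's code): a simplified Hawk-style MAC.
const crypto = require('crypto');

// String covered by the MAC; payload hash and ext are left empty in this sketch.
function normalized({ ts, nonce, method, resource, host, port }) {
    return ['hawk.1.header', ts, nonce, method.toUpperCase(), resource,
        host.toLowerCase(), port, '', ''].join('\n') + '\n';
}

function mac(key, fields) {
    return crypto.createHmac('sha256', key).update(normalized(fields)).digest('base64');
}

// Server side: recompute the MAC, then enforce freshness and nonce uniqueness.
function makeVerifier(lookupKey, skewSec = 60) {
    const seen = new Set(); // in-memory nonce cache, for the example only
    return function verify(req, nowSec) {
        const key = lookupKey(req.id);
        if (!key) return 'unknown credentials';
        const expected = Buffer.from(mac(key, req));
        const given = Buffer.from(String(req.mac));
        if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) {
            return 'bad mac';
        }
        if (Math.abs(nowSec - req.ts) > skewSec) return 'stale timestamp';
        const tag = `${req.id}:${req.ts}:${req.nonce}`;
        if (seen.has(tag)) return 'replayed nonce';
        seen.add(tag);
        return 'ok';
    };
}

// Constructed sample: the id, key and request values are made up.
function demo() {
    const keys = new Map([['client-1', 'constructed-shared-key']]);
    const verify = makeVerifier((id) => keys.get(id));
    const now = 1700000000;
    const req = { id: 'client-1', ts: now, nonce: 'n-001', method: 'GET',
        resource: '/resource/1?b=1&a=2', host: 'example.com', port: 8000 };
    req.mac = mac(keys.get(req.id), req);
    return {
        first: verify(req, now),                                    // fresh request
        replay: verify(req, now + 1),                               // same nonce again
        tampered: verify({ ...req, resource: '/resource/2' }, now), // path changed
        stale: verify(req, now + 3600),                             // outside skew window
    };
}
```

The shared key never leaves either side; only the id, timestamp, nonce and MAC travel with the request, which is why a server clock that drifts past the skew window rejects otherwise valid requests.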
Code Examples
- Defining the client credentials:

```js
const Hawk = require('hawk');

// Hawk exposes no client class; this credentials object is passed to Hawk.client.header()
const credentials = {
    id: 'dh37fgj492je',
    key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    algorithm: 'sha256'
};
```
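- Generating a Hawk authorization header:

```js
// The URI and method arguments supply the host, port and resource covered by the MAC
const options = {
    credentials: credentials,
    timestamp: Math.floor(Date.now() / 1000),
    nonce: 'Ygvqdz',    // fixed for illustration; omit it so Hawk generates a random nonce per request
    payload: 'Thank you for flying Hawk',
    contentType: 'text/plain'    // included in the payload hash, must match the Content-Type sent
};

// header() returns an object; its `header` property is the Authorization header value
const { header } = Hawk.client.header('https://example.com:8000/resource/1?b=1&a=2', 'POST', options);
```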
- Validating a Hawk request on the server:

```js
const Hawk = require('hawk');

// Look up the shared key for the id presented in the Authorization header
const credentialsFunc = function (id) {
    return {
        key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
        algorithm: 'sha256',
        user: 'Steve'
    };
};

// Hawk.server.authenticate() returns a promise and rejects when authentication fails
const handler = async function (req, res) {
    try {
        const { credentials, artifacts } = await Hawk.server.authenticate(req, credentialsFunc);
        // Handle the authenticated request
    } catch (err) {
        // Handle the authentication failure
    }
};
```
Getting Started
To use Hawk in your project:
- Install the package:

```
npm install hawk
```

- Import Hawk in your code:

```js
const Hawk = require('hawk');
```

- Define the credentials shared by the client and the server:

```js
const credentials = { id: 'your-id', key: 'your-key', algorithm: 'sha256' };
```

- Use Hawk.client.header() to generate headers for requests, or Hawk.server.authenticate() to validate incoming requests.
Competitor Comparisons
INACTIVE - HTTP Holder-Of-Key Authentication Scheme
Pros of Hawk
- No meaningful pros can be identified as this is the same repository
Cons of Hawk
- No meaningful cons can be identified as this is the same repository
Code Comparison
The code comparison is not applicable in this case, as we are comparing the same repository to itself.
Additional Notes
Hawk is a Mozilla project for HTTP authentication using a message authentication code (MAC) algorithm. It provides a way to authenticate HTTP requests and responses without sending passwords or bearer tokens.
Some key features of Hawk include:
- Server and client components for Node.js
- Browser-side JavaScript implementation
- Bewit support for single-use authentication tokens
- Extensible for custom functionality
The repository contains the core Hawk implementation along with documentation and examples. Since we're comparing the repository to itself, there are no meaningful differences to highlight in terms of pros, cons, or code.
JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
Pros of node-jsonwebtoken
- Widely adopted and well-maintained JWT implementation
- Supports various algorithms and customizable options
- Extensive documentation and community support
Cons of node-jsonwebtoken
- Limited to JWT authentication, less flexible for custom protocols
- Requires additional libraries for more complex authentication flows
- May have a steeper learning curve for beginners
Code Comparison
node-jsonwebtoken:

```js
const jwt = require('jsonwebtoken');
const token = jwt.sign({ userId: 123 }, 'secret', { expiresIn: '1h' });
const decoded = jwt.verify(token, 'secret');
```

hawk:

```js
const Hawk = require('hawk');
const credentials = { id: 'dh37fgj492je', key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', algorithm: 'sha256' };
// header() returns an object; `header` is the Authorization header value
const { header } = Hawk.client.header('https://example.com/resource/1', 'GET', { credentials: credentials, ext: 'some-app-data' });
```
Summary
node-jsonwebtoken is a popular choice for JWT-based authentication, offering robust features and extensive community support. However, it's limited to JWT and may require additional libraries for complex scenarios. Hawk, on the other hand, provides a more flexible authentication protocol but has a smaller user base and less documentation. The choice between the two depends on specific project requirements and the desired authentication approach.
JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
Pros of jose
- Supports a wider range of JSON Web Token (JWT) operations, including signing, verification, encryption, and decryption
- More actively maintained with frequent updates and bug fixes
- Provides TypeScript support out of the box
Cons of jose
- Larger package size due to more comprehensive feature set
- Steeper learning curve for developers new to JWT concepts
- May require additional configuration for specific use cases
Code Comparison
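hawk:

```js
const hawk = require('hawk');
// id, key and algorithm are all required in the credentials object
const credentials = { id: 'dh37fgj492je', key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn', algorithm: 'sha256' };
// timestamp is passed at the top level of the options, next to credentials
const { header } = hawk.client.header('http://example.com', 'GET', { credentials, timestamp: Math.floor(Date.now() / 1000) });
```

jose:

```js
const jose = require('jose');

// await is only valid inside an async function in a CommonJS module
(async () => {
    const secret = new TextEncoder().encode('your-256-bit-secret');
    const jwt = await new jose.SignJWT({ 'urn:example:claim': true })
        .setProtectedHeader({ alg: 'HS256' })
        .setIssuedAt()
        .setExpirationTime('2h')
        .sign(secret);
})();
```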
Open Source Identity and Access Management For Modern Applications and Services
Pros of Keycloak
- Comprehensive identity and access management solution with a wide range of features
- Supports multiple authentication protocols (OAuth 2.0, OpenID Connect, SAML)
- Active development and large community support
Cons of Keycloak
- More complex setup and configuration compared to Hawk
- Higher resource requirements due to its extensive feature set
- Steeper learning curve for developers new to the system
Code Comparison
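Hawk (JavaScript):

```js
const hawk = require('hawk');
const credentials = {
    id: 'dh37fgj492je',
    key: 'werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn',
    algorithm: 'sha256'
};
// header() returns an object; `header` is the Authorization header value
const { header } = hawk.client.header('https://example.com/resource', 'GET', { credentials: credentials });
```

Keycloak (Java):

```java
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.AccessTokenResponse;

// build() returns a Keycloak client, not a KeycloakBuilder
Keycloak keycloak = KeycloakBuilder.builder()
    .serverUrl("https://example.com/auth")
    .realm("myrealm")
    .clientId("myclient")
    .clientSecret("myClientSecret")
    .username("user")
    .password("password")
    .build();
AccessTokenResponse response = keycloak.tokenManager().grantToken();
```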
The code snippets demonstrate the basic setup for authentication in both systems. Hawk focuses on generating authentication headers, while Keycloak provides a more comprehensive client setup for token-based authentication.
README
Important: Mozilla has archived this repository because both the protocol and documentation have reached completion, with no further updates or changes necessary.
While the existing code will remain available for reference or fork, no further updates or support should be expected.
hawk
HTTP Holder-Of-Key Authentication Scheme.
Documentation of the protocol, and the JS API, is in https://github.com/mozilla/hawk/blob/main/API.md.
Ownership Changes
This was once hueniverse/hawk and released as hawk.
Then, after the 7.0.10 release, it was moved to the hapijs/hawk repository and released as @hapi/hawk.
Hapi later de-supported the library, after releasing version 8.0.0.
It has since been moved to mozilla/hawk and is again released as hawk.
All of the intermediate versions are also released as hawk.
Changes are represented in GitHub releases on this repository.
Mozilla maintains several Hawk implementations in different languages, so it is likely to stay at Mozilla for some time.
This library is in "maintenance mode" -- no features will be added, and only security-related bugfixes will be applied.