{"id":21189341,"url":"https://github.com/artnum/menshen","last_synced_at":"2025-10-08T10:09:20.331Z","repository":{"id":62488155,"uuid":"373180281","full_name":"artnum/Menshen","owner":"artnum","description":"Authentication mechanism using private/public key. ","archived":false,"fork":false,"pushed_at":"2021-10-04T09:13:30.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-06T10:43:58.854Z","etag":null,"topics":["authentication","authentication-strategy","rsa-cryptography","rsa-key-pair","security","stateless","web"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/artnum.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-02T13:35:55.000Z","updated_at":"2021-10-04T09:08:56.000Z","dependencies_parsed_at":"2022-11-02T09:31:06.378Z","dependency_job_id":null,"html_url":"https://github.com/artnum/Menshen","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/artnum/Menshen","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artnum%2FMenshen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artnum%2FMenshen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artnum%2FMenshen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artnum%2FMenshen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/artnum","download_url":"https://codeload.github.com/artnum/Menshen/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artnum%2FMenshen/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278924715,"owners_count":26069511,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authentication-strategy","rsa-cryptography","rsa-key-pair","security","stateless","web"],"created_at":"2024-11-20T18:51:59.161Z","updated_at":"2025-10-08T10:09:20.315Z","avatar_url":"https://github.com/artnum.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Menshen\n\nAuthentication mechanism for the web using private/public key pair.\n\n## Stateless\n\nThis mechanism is not meant to provide a secure session, only authenticated request. The client use the HTTP header Authorization to add relevant information about the signature. Signature are RSA-PSS, most parameters can be tuned by the client.\nThe server handle only a \"client id\" and the associate public key.\n\n## Privacy\n\nThe client never need to share the private key with the server. The client handle its private key as it sees fit.$\n\n## Simple\n\nAs the server just need to hash some header and verify it against a given signature, it can be added easly on almost anything without too much modification. As the private key can be in a file, embbed in an URL or a QR Code, it can provide a password-less experience for the user. Once the user register, he received a link with embbed private key. On the first log in, a new pair is generated, the public key is sent to the server, the private one is stored in the IndexedDB of the navigator and a quite secure authentication is set.\nA password on the private key can be, of course, set for added security.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartnum%2Fmenshen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fartnum%2Fmenshen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartnum%2Fmenshen/lists"}