I'd like to encrypt a password for a 3rd party website. Is bcrypt the right way?

I know that the useraccounts package uses bcrypt and I’d like to use a similar solution to encrypt a 3rd party password (the website doesn’t offer OAuth or similar) and store it in my second (remote) app’s database.

However the bcrypt documentation is rather sparse (or beyond my capability).

Any suggestions on how I should solve this?

bcrypt is used for hashing, not encryption, so you’d only be able to use it to store a hash - which probably wouldn’t help you if you’re trying to auth with a 3rd party.

You mention that the 3rd party doesn’t support OAuth… Have you thought about asking the user for credentials, authenticating and storing the token or some kind of cookie returned by the 3rd party to do the auth in future?

If you absolutely have to store and decrypt the password at a later date you can probably use node’s crypto library with AES-256, see example here: https://github.com/chris-rock/node-crypto-examples/blob/master/crypto-ctr.js

This is very risky - be very careful storing user credentials for a 3rd party service like this…

1 Like
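A sketch of the reversible-encryption option from the reply above, added here as an example and not part of the original posts or the linked repository. It uses Node's built-in `crypto` module with AES-256-GCM rather than the CTR mode of the linked file, so a modified or misplaced stored value fails to decrypt; `encryptSecret`, `decryptSecret`, `DEMO_KEY` and the `user:42` context string are hypothetical names, and the key and password are constructed sample values.

```javascript
// Added example: AES-256-GCM encryption of a stored third-party password.
const crypto = require('crypto');

const ALGO = 'aes-256-gcm';
const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // 128-bit authentication tag

// Constructed key for the demo only. In a real app, load 32 random bytes
// from a secret store or environment variable, never from the database
// that holds the ciphertext.
const DEMO_KEY = crypto.randomBytes(32);

// Returns base64(iv || tag || ciphertext), storable in a single DB field.
// `context` (e.g. the user id) is bound as associated data so a record
// copied onto another user's row fails to decrypt.
function encryptSecret(plaintext, key, context) {
  const iv = crypto.randomBytes(IV_LEN); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv(ALGO, key, iv, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the key, context or stored blob is wrong or was modified.
function decryptSecret(stored, key, context) {
  const buf = Buffer.from(stored, 'base64');
  if (buf.length < IV_LEN + TAG_LEN) throw new Error('stored value too short');
  const iv = buf.subarray(0, IV_LEN);
  const tag = buf.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = buf.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv(ALGO, key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Round trip with a constructed sample password.
const stored = encryptSecret('s3cret-demo-password', DEMO_KEY, 'user:42');
console.log(stored);
console.log(decryptSecret(stored, DEMO_KEY, 'user:42'));
```

Anyone who obtains both the key and the database can recover every stored password, which is why the key has to live somewhere the database backup and the remote app's data store do not.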