This library provides the server-side building blocks for implementing logion's authentication scheme.
In a nutshell, a JSON Web Token (JWT, Standard: RFC 7519 - JSON Web Tokens) is issued to a user which proves he is the owner of a given keypair. This is achieved by:
- creating a session with a random ID associated with a public key provided by the user,
- sending back the session data to the user for signature,
- finally receiving a signature sent by the user and, if the signature can be verified with the public key associated with the session, issue a JWT.
Two main components are provided:
- The
SessionManagerwhich creates and validates sessions, - The
Authenticatorwhich creates and verifies JWT tokens.
const tokenConfig: TokenConfig = {
nodePeerId: PeerId.createFromB58String("12D3KooWBmAwcd4PJNJvfV89HwE48nwkRmAgo8Vy3uQEyNNHBox2"),
nodeKey: Buffer.from("c12b6d18942f5ee8528c8e2baf4e147b5c5c18710926ea492d09cbd9f6c9f82a", "hex"),
nodeOwner: "5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY",
jwtTimeToLive: Duration.fromObject({ hour: 1 }),
};
const { sessionManager, authenticator } = defaultSetup({ api, tokenConfig });
// ... receive address (i.e. the public key) from the user
const address = "...";
const session = sessionManager.createNewSession(address);
// ... send session data back to the user
// ... receive signature from user
const signature: SessionSignature = {
...
};
const signedSession = await sessionManager.signedSessionOrThrow(session, signature);
const token = await authenticator.createToken(signedSession, DateTime.now());
// ... send token back to the user
// ... Later on, verify tokens and check access rules
const authenticatedUser = await authenticator.ensureAuthenticatedUserOrThrow(token.value);
if(authenticatedUser.is("5DPLBrBxniGbGdFe1Lmdpkt6K3aNjhoNPJrSJ51rwcmhH2Tn")) {
// Let user with keypair 5DPLBrBxniGbGdFe1Lmdpkt6K3aNjhoNPJrSJ51rwcmhH2Tn do something
}