Skip to content
Web3 authentication strategy for passport
JavaScript Makefile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
test
.eslintrc
.gitignore
Makefile
README.md
index.js
package-lock.json
package.json
webpack.config.js

README.md

Web3 Passport Strategy

Web3 strategy for passport which authenticates the user by decoding a message signed with the user's ETH address, and checking if it matches the address that they are trying to authenticate.

Setup

const Web3Strategy = require('passport-web3');

/**
 * Called when authorization succeeds. Perform any additional verification here,
 * and either return the user's data (if valid), or deny authorization by
 * passing an error to the `done` callback.
 */
const onAuth = (address, done) => {
  // optional additional validation. To deny auth:
  // done(new Error('User is not authorized.'));
  User.findOne({ address }, (err, user) => done(err, user));
};
const web3Strategy = new Web3Strategy(onAuth);

passport.use(web3Strategy);

// endpoint
app.post('/login', passport.authenticate('web3'));

Usage (client-side)

const ethUtil = require('ethereumjs-util');

// The contents of the message can be anything
const rawMessage = 'Some message';
const msg = ethUtil.bufferToHex(new Buffer(rawMessage, 'utf8'));
const address = web3.eth.accounts[0];
const handleSignature = (err, signed) => {
  if (!err) {
    const fetchOpts = {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' }.
      body: JSON.stringify({ address, msg, signed })
    };

    fetch('/login', fetchOpts).then(res => {
      if (res.status >= 200 && res.status <= 300) {
        return res.json();
      } else {
        throw Error(res.statusText);
      }
    }).then(json => {
      // Auth succeeded
    }).catch(err => {
      // Auth failed
    })
  }
};

web3.personal.sign(msg, address, handleSign);
You can’t perform that action at this time.