Authenticate users.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

jvc-auth npm version

Authenticate users.


This library uses antisocial-auth over jvc to allow any website to authenticate users, being sure they own the username they claimed.


  1. An user wants to authenticate to your application with their username.
  2. You generate a nonce and ask them to send it in a private mesage to a bot user you own.
  3. When the user confirm they're done, check the bot private messages for the nonce.
  4. If the nonce is found, the user is authenticated.


You need to override the jvc property with a logged in instance (in a bot account) so the library can access the bot private messages.

You can use the jvc.login method to go through the login/password/captcha process. But you're encouraged to do this just once and store the cookie to reuse it. In the example below, I assume you already have a valid cookie.

const defaultAuth = require('jvc-auth')

const auth = defaultAuth.override({
  jvc: defaultAuth.jvc.override({ user: { cookie: 'your-bot-cookie' } }),

Generate a nonce

// Get nonce buffer.
const nonce = await auth.generateNonce()

// Nice encoding of the nonce to show to the user.
const displayNonce = auth.beautify(nonce)

Verify a message

if (await auth.checkMessage('user', nonce)) {
  // The user is authenticated.


See the demo directory, which contains a concrete usage example with an Express web app.