1.0.1 • Published 5 years ago
EthOTP
EthOTP is a Node.js implementation of Ethereum One-Time Password (EthOTP) Authentication. It provides a costless mechanism for securely determining Ethereum address ownership off-chain, on any Ethereum network, without transmitting the private key.
This module is intended to be used as middleware for conventional web authentication implementations such as session- or token-based authentication.
Authentication Workflow
- Client requests a challenge-string from server
- Server uses EthOTP to generate a challenge-string and sends it to the client (whilst storing the challenge-string)
- The client signs the challenge-string with their private key (via MetaMask/hardware wallet/whatever) and sends it back
- Server receives the signed challenge-string, verifies it (the signature matches the challenge-string) and validates it (the challenge-string was generated by EthOTP and has not expired)
- Server then has proof of ownership of the address, and can then continue to authenticate the client via JWT or something else
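The server-side bookkeeping implied by steps 2 and 4 of the workflow, as an added example (not code from the ethotp package): each stored challenge is bound to one address, expires, and is accepted at most once. ChallengeStore, its option names and the verifySignature callback are hypothetical; in practice the callback could be ethotp.validateAndVerify.

```javascript
const crypto = require('crypto');

// Hypothetical helper, not part of ethotp: tracks issued challenges so each
// one is accepted at most once and only within its time-to-live.
class ChallengeStore {
  constructor({ ttlMs = 60000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock, so expiry can be tested
    this.pending = new Map();  // challenge -> { address, expiresAt }
  }

  // Step 2: issue a fresh challenge bound to the address claiming ownership.
  // Assumption: random hex is used here; the string could instead come from
  // ethotp.generateChallenge().
  issue(address) {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.set(challenge, {
      address: address.toLowerCase(),
      expiresAt: this.now() + this.ttlMs,
    });
    return challenge;
  }

  // Step 4: accept a signed challenge. verifySignature(message, signature,
  // address) is supplied by the caller and must return a boolean.
  redeem(challenge, signature, address, verifySignature) {
    const entry = this.pending.get(challenge);
    if (!entry) return { ok: false, reason: 'unknown-or-reused' };
    // Delete before any other check: a challenge is single-use even on failure.
    this.pending.delete(challenge);
    if (this.now() > entry.expiresAt) return { ok: false, reason: 'expired' };
    if (entry.address !== address.toLowerCase()) {
      return { ok: false, reason: 'address-mismatch' };
    }
    if (!verifySignature(challenge, signature, address)) {
      return { ok: false, reason: 'bad-signature' };
    }
    return { ok: true };
  }
}
```

Only after redeem returns ok: true should the server create the session or issue the JWT for that address.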
Potential Use Cases
- Message board where users are not allowed to post unless they hold a certain amount of ETH or of a token
- Removing username/password authentication requirements (sign in using address only, then link that to accounts)
Usage
Generating a challenge
let challengeString = ethotp.generateChallenge();
Verifying a signed response
let isVerifiedAndValid = ethotp.validateAndVerify(message, signature, address);
isVerifiedAndValid is a boolean indicating whether the signature is a valid signature of the message and the address is the signer of the message.
Installation
npm install ethotp
Running tests
npm test
Vulnerabilities / Issue reporting
If you find any vulnerabilities, please let me know by opening an issue on GitHub. Thanks ٩( ''ω'' )و