Web3-auth NPM | npm.io

1.1.0 • Published 8 years ago

Install

Weekly downloads

4

License

Apache-2.0

Repository

Last release

8 years ago

web3-auth

NPM for signing into Express apps using Web3.

Note this NPM disables non-AJAX requests to prevent XSRF attacks.

How does it work

The Web3 environment (MetaMask / Mist) is requested to sign a message using the account's private key.
The account address and the signed message are POSTed to the backend.
The backend verifies that the signature is correct and generates a signed Json Web Token (JWT) proving that the holder is in control of the address.
The JWT is sent back to the web browser as a HttpOnly (not accessible from frontend JS) session cookie.

TODO

token revocation
set secret in external config

Check out https://github.com/vanbexlabs/ethereum-auth-demo to see how to use it.

ethereum web3 jwt mist metamask express

body-parser cookie-parser eth-sig-util ethereumjs-util ethjs express-jwt jsonwebtoken web3

@infinitebrahmanuniverse/nolb-web3 @everything-registry/sub-chunk-3124

8 years ago

8 years ago