/iotauth

Primary LanguageTypeScriptMIT LicenseMIT

IotAuth

Build Status Coverage Status dependencies Status devDependencies Status MIT license NSP Status FOSSA Status

iotauth is a 2fa module built on iota's tangle ledger. To see an example of iotauth being implemented, checkout Blogshot's demo over at https://github.com/Blogshot/iotauth-demo. Sites wishing to implement this authentication method would follow this flow.

  1. present user with a seed or allow them to provide a seed.
  2. user backs up seed
  3. site or app stores users' seed as well.
  4. user attempts to log in to site
  5. user must attach a new address using their seed without reusing a previous address(send a 0 value transaction to their own public address)
  6. The transaction must be sent within the timeframe specified by the site or application (Defaults to infinity)
  7. optionally the app or site can specify a validation code for the user to be sent in json format {code: 'verificationcode'}.

This module uses iota-seed-generator to generate iota seeds. It appears this module uses windows powershell (when on windows) to generate a seed which I believe is not considered secure at this time. Please be aware of this when using the module. For more info check this github: https://github.com/bmavity/iota-seed-generator

related issue: bmavity/iota-seed-generator#1

NOTE: as of 2.0.0 seed generation and code generation have been removed and the responsibility will be on the consumer of this module.

Using npm:

$ npm i --save iota-auth

In Node.js:

//with imports
import { IotAuth } from 'iota-auth';

//with require
const IotAuth = require('iota-auth').IotAuth;





//initialize with stored seed / passed seed from user
const seed ='PBGRWJXOALEOBXNUPCFUNWXSEXMYC9BVLLK9HMUDXNOETYJHSKBHDR9SWAWJIKVPFSBWNCNSQQJUFUPJM';
const iotaAuth = new IotAuth(seed);

//initialize with stored seed and expiration time (minutes)
const iotaAuth = new IotAuth(seed, 6);
//checks whether code was passed within 6 minutes

//pass validation code
let code = 'LMNOPQ';
let isValid = await iotaAuth.isTransactionValid(code);

//get the set seed
let seed = await iotaAuth.getSeed();



//validate without a code
let isValid = await iotaAuth.isTransactionValid();

Index

External modules