Yesterday, HiveAuth (formely Hive Authentication Services or HAS) has been released. Hive Keychains, Peakd and Hive.Blog have released a new version that adds support to this new secure way of login yourself to a Hive frontend without having to enter your private key on a computer. All you need is a compatible wallet app (Hive Keychain) installed on your mobile phone.
@arcange is the person behind the HiveAuth project and has made available a HiveAuth server and a wrapper library that facilitate the integration into an existing app.
HiveAuth in a nutshell
The basic idea of HiveAuth is to create a communication channel between an app (frontend such as Hive.Blog or Peakd) installed on your computer (or also your mobile phone) and a wallet app installed on your mobile phone. When authenticating yourself or performing an action that requires signing with your private key (post, comment, vote etc...), instead of giving your private key to the app, or instead of installing a browser extension (Hive Keychain) on a computer you don't trust, you can use the wallet app on your mobile phone.
The app makes a request to HiveAuth server which then transmit it to the mobile wallet app. The mobile wallet app then uses the key you already stored in it to sign the transaction and returns the signed data to the app via HiveAuth server. During this process, neither the app or HiveAuth server will know the private key. Only the trusted mobile wallet app will have the key.
HiveAuth Client library
When I integrated HiveAuth to the Condenser, I took the opportunity to create my own wrapper library. It is based on @arcange's HiveAuth Wrapper Library but it's taking the event based approach to minimise the use of callback functions for more clarity and it also minimises the user of timeout and intervals internally. This refactoring of the library also allowed me to understand more how things work.
Installation
The HiveAuth Client library is available on GitHub: https://github.com/quochuy/hive-auth-client
It's also available as an NPM package that can be installed to your project with the following command:
yarn add hive-auth-client
Then simply import it into your script:
import HasClient from 'hive-auth-client';
Configuration
Once imported, you will need some little configuration. The following command, will instantiate the client class and define the hostname for the HiveAuth server to use:
const client = new HasClient('hive-auth.arcange.eu', '', true);
You will also need to configure some metadata to identify your app to the mobile wallet app:
const APP_META = {
name: 'Hive Blog',
description: 'Hive Blog',
icon: '
,
};
Finally, you will have to create an auth object that will store authentication data for the user. This auth data is to identify your session with the HiveAuth server:
const auth = {
username: undefined,
token: undefined,
expire: undefined,
key: undefined,
};
Authentication + Challenge
The first thing you'll need to do is handle the login to your app by requesting an authentication with the mobile wallet app and at the same time request a challenge to sign with a posting key (or any other type of private keys depending on what your app needs to do).
https://gist.github.com/quochuy/045bd6604aa9dd02bec088742e0b9bf3
The client library will auto-connect the websocket when attempting to send a message and will automatically attempt a reconnection if it is dropped.
Broadcasting a transaction
Similarly to authenticating, to broadcast a transaction you just setup your event handlers first, then call client.broadcast();
https://gist.github.com/quochuy/95ec5d5459d3a45c5616dd78f005d17e
Documentations
My HiveAuth Client library will only help you handle communication between your app and the HiveAuth server. You can see the list of available methods and events on the NPM page:
https://www.npmjs.com/package/hive-auth-wrapper
For a complete integration, you still need to understand and handle the rest of the HiveAuth protocol. For that, checkout the HiveAuth documentations:
https://docs.hiveauth.com/