This module is a plugin for the Seald SDK : @seald-io/sdk.
The @seald-io/sdk-plugin-ssks-2mr module allows to
use the SSKS key storage service to store Seald identities easily and securely, encrypted by a key stored on your
back-end server.
This module exposes a function, that takes keyStorageURL as argument, and returns a SDKPlugin
which can be passed to the SealdSDK constructor.
When the Seald SDK is passed this plugin, the SealdSDK instance is modified to have a ssks2MR property, which
exposes the SSKS2MR interface.
To use this plugin, your back-end server must first create an SSKS identity for the user in question by giving their email address. Also, the server has to generate a secure random secret key (called "twoManRuleKey") for the user.
After that, before each use of this plugin, your back-end server must start an SSKS session for the user. The
server responds with a session_id and with a boolean must_authenticate.
If there has never been an identity stored on SSKS for this user, the server responds with must_authenticate to
false. In that case, you can directly call saveIdentity with no challenge.
Otherwise, the user then receives an email, containing a challenge, and this plugin can use the sessionId, the
twoManRuleKey, and the challenge to store or retrieve their Seald identity on SSKS.
If the identity has been stored without no challenge, the first time the identity is retrieved afterwards, the
keys of the identity in question are automatically renewed and stored again onto SSKS. If the same identity is also
stored elsewhere (for example with @seald-io/sdk-plugin-ssks-password), you will have to save it again.
Example:
import SealdSDK from '@seald-io/sdk'
import SealdSDKPluginSSKS2MR from '@seald-io/sdk-plugin-ssks-2mr'
const seald = SealdSDK({
appId,
apiURL,
plugins: [SealdSDKPluginSSKS2MR(keyStorageURL)] // passing the plugin to SealdSDK
})
await seald.initialize()
// Creating a Seald identity
await seald.initiateIdentity({ signupJWT })
// The SealdSDK instance now has a `ssks2MR` property : we can use `saveIdentity`
await seald.ssks2MR.saveIdentity({ userId, sessionId, authFactor: { type: 'EM', value: emailAdress}, twoManRuleKey }) // `twoManRuleKey` is the secret key stored by your app's back-end to secure this user's identityFor more information, visit our website : https://seald.io
For the full documentation, visit our documentation page : https://docs.seald.io/en/sdk/
© 2023 Seald SAS
You can find the license information of Open Source libraries used in Seald SDK for JavaScript at https://download.seald.io/download/js_dependencies_licenses.txt.