AuthMe-KYC
A JavaScript interface for interacting with the AuthMe app.
Demo
A demo app implementation is available on CodePen.
About
This package includes a library for HTTP integration with the AuthMe API, publicly hosted at https://api.authme.com.
Browser compatibility
Latest ✔ | Latest ✔ | Latest ✔ | Latest ✔ |
How to use
Install package
npm install authme-kyc
Using CDN
You can also link the scripts from unpkg: https://unpkg.com/authme-kyc/dist/
If you only wish to use the SDK without the UI component, use the minified version authme.min.js.
AuthMe API Proxy
To avoid leaking your credentials (the AuthMe API Authorization header = API key + API secret) to your visitors through the frontend JavaScript application, your production frontend should send its requests through a backend proxy application. The proxy appends the authorization credentials, and you can also run your additional business logic in it.
Example implementation in Node.js Express application
A minimal proxy implementation that keeps your credentials secure is available at https://github.com/AuthMe-KYC/authme-api-proxy-example. This example can be hosted on the Webtask.io service in a few minutes. More details about this example are available in the example's README.md.
Data encryption
The data retrieved from the AuthMe App is exchanged through the AuthMe Service. The SDK automatically generates an AES 128 key and forwards it to the App for data encryption (CBC, Zero padding). The encrypted data is transported back to the browser that originated the request and is decrypted by the SDK. The AuthMe Service never learns any personal information, since the data is encrypted.
The SDK can also be given an AES key programmatically.
$("#btn").genAuth({
  key: "ST7v4nmUkEOdPln6YIZ5pg==" // 128 bit base64 key
});
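The scheme described in this section (AES 128, CBC, zero padding, base64 key), written out with Node.js's built-in crypto module. This is an added example, not the SDK's own code: the random IV prepended to the ciphertext, the JSON payload and the function names loadKey, encryptResult and decryptResult are assumptions, since the page does not specify them.

```javascript
// Added example (not AuthMe SDK code): AES-128-CBC with zero padding.
const crypto = require("crypto");

const BLOCK = 16; // AES block size in bytes

// Decode the base64 key and insist on exactly 128 bits.
function loadKey(base64Key) {
  const key = Buffer.from(base64Key, "base64");
  if (key.length !== 16) throw new Error("key must be 128 bits");
  return key;
}

// Encrypt a JSON-serialisable object.
// Assumption: a fresh random IV is generated and prepended to the ciphertext.
function encryptResult(base64Key, obj) {
  const key = loadKey(base64Key);
  const plain = Buffer.from(JSON.stringify(obj), "utf8");
  const padLen = (BLOCK - (plain.length % BLOCK)) % BLOCK;
  const padded = Buffer.concat([plain, Buffer.alloc(padLen)]); // zero padding
  const iv = crypto.randomBytes(BLOCK);
  const cipher = crypto.createCipheriv("aes-128-cbc", key, iv);
  cipher.setAutoPadding(false); // turn off PKCS#7, the input is already padded
  const body = Buffer.concat([cipher.update(padded), cipher.final()]);
  return Buffer.concat([iv, body]).toString("base64");
}

// Decrypt, strip the zero padding and parse the JSON payload.
function decryptResult(base64Key, base64Payload) {
  const key = loadKey(base64Key);
  const raw = Buffer.from(base64Payload, "base64");
  if (raw.length < 2 * BLOCK || raw.length % BLOCK !== 0) {
    throw new Error("malformed ciphertext");
  }
  const decipher = crypto.createDecipheriv("aes-128-cbc", key, raw.subarray(0, BLOCK));
  decipher.setAutoPadding(false);
  const padded = Buffer.concat([decipher.update(raw.subarray(BLOCK)), decipher.final()]);
  let end = padded.length;
  while (end > 0 && padded[end - 1] === 0) end--; // strip trailing zero bytes
  // CBC carries no integrity tag: a wrong key or altered data is only
  // noticed here, when the result fails to parse as JSON.
  return JSON.parse(padded.subarray(0, end).toString("utf8"));
}
```

Zero padding is only unambiguous when the plaintext cannot end in a zero byte, which holds for JSON text. Because CBC does not authenticate the data, a result that fails to parse should be rejected rather than displayed.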
JavaScript events
The AuthMe KYC solution dispatches additional HTML DOM events that can easily be accessed with JavaScript. The component fires three kinds of events, which are important for interacting with the rest of the page. Adding event listeners is the way to communicate with the component.
onLinkGenerated
This event is fired after the link or QR code has been generated. If the user visits your website in a desktop browser, a QR code is generated for scanning. Otherwise a deep link is generated for clicking.
Plain JavaScript code example:
$("#btn").genAuth({
  onLinkGenerated: function(isMobile) {
    if (isMobile) {
      // TODO: If visitor from mobile
    } else {
      // TODO: If visitor from desktop browser
    }
  }
});
onAppOpen
This event is fired after the AuthMe mobile app has been called from the deep link. Note that this function only works when the user visits your website in a desktop browser, because a mobile device always opens a new tab when the app returns to the browser.
Plain JavaScript code example:
$("#btn").genAuth({
  onAppOpen: function() {
    // TODO: When AuthMe app called
  }
});
done
This event is fired after the verification process has completed. It includes a one-time result uuid for retrieving user data from the server. It also fires the callback URL.
Plain JavaScript code example:
$("#btn").genAuth({
  done: function(result) {
    // TODO: When verification done
    console.log(result.uuid);
  }
});
Feature: desktop-to-mobile
With this feature, the component can start the verification process from a browser on a desktop computer, then call the App on the user's smartphone to validate the user's identity, then call the API and return the results to the desktop where the component was initially started.
By default, all data is exchanged over the AuthMe Service; this may be replaced by a Firebase service in the future.
How it works
- the component is loaded in the browser on the desktop
- the user requests the feature by scanning the QR code (the SDK automatically detects whether to generate a deep link or a QR code)
- the component on the desktop generates an exchange link with a QR code and a secret key for AES encryption
- the user opens the generated exchange link on the smartphone (the link contains the scan identifier and the AES secret key for encryption); the recommended way is to scan the QR code with the QR reader integrated in the native camera app on iOS and Android, or with a custom QR reader
- the user scans the document with the native NFC reader and completes face recognition
- the component loaded on the smartphone calls the AuthMe API, encrypts the result and stores it in the exchanged object at the AuthMe Service
- the component loaded on the desktop is subscribed to changes, reads the encrypted results stored in the AuthMe Service, decrypts them and displays them to the user
Development
npm install
Realtime watch & build
npm start
Build release
npm build
and fetch files from the dist directory