IotAuth
iotauth is a 2fa module built on iota's tangle ledger. To see an example of iotauth being implemented, checkout Blogshot's demo over at https://github.com/Blogshot/iotauth-demo. Sites wishing to implement this authentication method would follow this flow.
- present user with a seed or allow them to provide a seed.
- user backs up seed
- site or app stores users' seed as well.
- user attempts to log in to site
- user must attach a new address using their seed without reusing a previous address(send a 0 value transaction to their own public address)
- The transaction must be sent within the timeframe specified by the site or application (Defaults to infinity)
- optionally the app or site can specify a validation code for the user to be sent in json format {code: 'verificationcode'}.
This module uses iota-seed-generator to generate iota seeds. It appears this module uses windows powershell (when on windows) to generate a seed which I believe is not considered secure at this time. Please be aware of this when using the module. For more info check this github: https://github.com/bmavity/iota-seed-generator
related issue: https://github.com/bmavity/iota-seed-generator/issues/1
NOTE: as of 2.0.0 seed generation and code generation have been removed and the responsibility will be on the consumer of this module.
Using npm:
$ npm i --save iota-auth
In Node.js:
//with imports; //with requireconst IotAuth = IotAuth; //initialize with stored seed / passed seed from userconst seed ='PBGRWJXOALEOBXNUPCFUNWXSEXMYC9BVLLK9HMUDXNOETYJHSKBHDR9SWAWJIKVPFSBWNCNSQQJUFUPJM';const iotaAuth = seed; //initialize with stored seed and expiration time (minutes)const iotaAuth = seed 6;//checks whether code was passed within 6 minutes //pass validation codelet code = 'LMNOPQ';let isValid = await iotaAuth; //get the set seedlet seed = await iotaAuth; //validate without a codelet isValid = await iotaAuth;