This constant is used in the [[redirectToSignInWithAuthRequest]]
Default user profile object
Look up a user profile by blockstack ID
that resolves to a profile object
Generates an authentication request that can be sent to the Blockstack
browser for the user to approve sign in. This authentication request can
then be used for sign in by passing it to the redirectToSignInWithAuthRequest
method.
Note: This method should only be used if you want to roll your own authentication
flow. Typically you'd use redirectToSignIn
which takes care of this
under the hood.
hex encoded transit private key
location to redirect user to after sign in approval
location of this app's manifest file
the permissions this app is requesting
the origin of this app
the time at which this request is no longer valid
Any extra parameters you'd like to pass to the authenticator. Use this to pass options that aren't part of the Blockstack auth spec, but might be supported by special authenticators.
the authentication request
Generated using TypeDoc
@stacks/auth
Construct and decode authentication requests for Stacks apps.
This package provides the auth logic used by the Stacks Connect library. If you're looking to integrate Stacks authentication into your web app, Stacks Connect provides a simple API and built-in user interface. See the authentication tutorial.
Installation
Usage
Generating an authentication request
The app domain is the URL to your website/app. This is how the Stacks authentication system identifies apps and determines what credentials to provide. Changing the app domain is equivalent to changing the app. Note that you also need to have a valid manifest.json file at the domain.
Next we set the basic permissions for your app to read and store user data. If your app will allow users to share data with other users, you will need an additional
publish_data
permission. We will also initiate aUserSession
object using the configuration.The authentication payloads are encrypted during transit, the encryption key generated below provides this
The Stacks auth process will open a compatible Stacks authenticator or browser extension to perform the authentication. So you will need to provide a redirect URL which the authenticator or extension can redirect to with the authentication payload. This page should process the authentication payload.
Set the location of your app manifest file. This file contains information about your app that is shown to the user during authentication.
Finally generate the authentication request payload:
The resulting payload can now be passed to a compatible Stacks authenticator or browser extension. If you are using Stacks connect, this is performed automatically.
If you would like to implement a Stacks authenticator, check out the reference implementation of the Stacks browser extension.
Handling an authentication response payload
After an authenticator has processed your app's request, and the user has granted permission, the resulting response will be passed back to your app via the URL set in your
redirectUri
.Below, we use
userSession.isSignInPending
to determine if there is an incoming authentication response. If detected, theuserSession.handlePendingSignIn
method will process the response and provide auserData
object containing the user's identity, BNS username and profile information.Checking if the user is signed in
Use the
userSession.isUserSignedIn
method to check if the user is already authenticated. If so, we can retrieve the user's profile data usinguserSession.loadUserData
.Sign out
To sign the user out simply call the
userSession.signUserOut
method.Data encryption
Stacks authentication also provides an easy way to encrypt the user's data. If you are using the
@stacks/storage
package, encryption is automatically enabled. If you would like to perform encryption outside of storage you can use theuserSession.encryptContent
anduserSession.decryptContent
methods.Note that encryption here uses the user's private key associated with your app only. If you need to share this data with another app or other users, you should use the equivalent methods from
@stacks/encryption
and provide a custom private key.