@cogitojs/telepath-js
Advanced tools
Provides a secure channel for communication between a web app running in a browser and an app running on a mobile device.
Setting up a secure channel between the mobile device and a browser is done using a QR code that is presented by the web app whenever a secure channel is required. The user can then open the secure channel by scanning the QR code using the app on the phone.
Telepath consists of a javascript library that can be used in web apps, and an iOS library for mobile apps.
Because both the browser and phone are likely to be behind distinct NAT, we use a service with a public ip address to facilitate peer-to-peer communication between them. This is a fairly simple service that only holds end-to-end encrypted messages in queues.
The channel supports bi-directional communication; both from the web app to the mobile app, and vice-versa. A channel therefore consists of two queues, which we’ve named ‘blue’ and ‘red’. The red queue is used to send messages from the web app to the mobile app, and the blue queue is used for the reverse route.
------------- ------------
| web | ---------- red ----------> | mobile |
| app | <--------- blue ---------- | app |
------------- ------------
Setting up a secure channel is done using these steps:
createChannel function on the javascript library.createChannel function generates a random channel id I and a symmetric encryption key E.I and key E.I. They encrypt/decrypt their messages using key E.The channel id I and key E are first encoded in a URL, and then the URL is encoded in a QR code. This allows a user to scan the QR code using the standard camera app in iOS and be directed to the telepath-enabled mobile app.
An example of such a URL and its QR Code:
https://example.com/telepath/connect#I=2oxSJ6_eyP7JXsn6VK7ooB_u&E=m8JzVbVlEwlzzR0-o8-AU0F6oONYcqvLW5YVLvLLP6s
The URL is made up of the following components:
<base url>telepath/connect#I=<channel id>&E=<encryption key>
where:
<base url> is the url that is registered to open the mobile app in iOS or Android<channel id> is the channel id string, percent encoded for use in a URL fragment<encryption key> is the encryption key, base64url encodedAdd @cogitojs/telepath-js as a dependency:
$ yarn add @cogitojs/telepath-js
Then import Telepath in your own module:
import { Telepath } from '@cogitojs/telepath-js'
You create an instance of Telepath by providing the URL of the queuing
service to the Telepath class:
const telepath = new Telepath('https://queuing.example.com')
Having an instance of Telepath, you can create a new channel
with a random id and a random encryption key as follows:
const channel = await telepath.createChannel({ appName: 'My Web App' })
If you do not want the channel with a random id and a key, but rather recreate
the channel with the previously obtained id and the key, you can provide them
as additional attributes in the object passed to the createChannel method:
const channel = await this.telepath.createChannel({
id: channelId,
key: channelKey,
appName: 'My Web App'
})
At some point, you will need to create a QR code so that you can scan
with a mobile app and obtain the channel identifier and the symmetric
key as described above. Telepath provides a convenience method that given the base url
(see Section QR Code above) it return a properly formatted connection URL.
You can use this connection URL as an input to your QR code generation library.
The resulting QR code can be scanned by the mobile
app and used to connect to this channel. The telepath library does not include
functionality for displaying QR codes, you can use a QR code component such as
qrcode.react for this purpose.
const connectUrl = channel.createConnectUrl('https://example.com')
// returns: https://example.com/telepath/connect#I=<channelID>&E=<symmetricKey>
Messages are exchanged using JSON-RPC:
const request = { jsonrpc: '2.0', method:'test', id: 1 }
const response = await channel.send(request)
The send method returns a promise. The queuing service will be polled for a
response for at least 10 minutes. If no response is available after this time it
will return null.
Currently uses independent encryption of messages. A recipient can therefore not detect if some messages have been duplicated, deleted or reordered.
Telepath often comes hand in hand with [Cogito Web3 Provider].
FAQs
Secure communication channel between mobile app and web app
The npm package @cogitojs/telepath-js receives a total of 5 weekly downloads. As such, @cogitojs/telepath-js popularity was classified as not popular.
We found that @cogitojs/telepath-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.