Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
@didtools/pkh-ethereum
Advanced tools
Readme
Implements support to authenticate, authorize and verify with Ethereum accounts as a did:pkh with SIWE(X) and CACAO.
Primarly used with did-session
and @didtools/cacao
.
npm install --save @didtools/pkh-ethereum
To Auth in a web based env, use any injected Ethereum provider that implements the standard interface with EthereumWebAuth
. A standard Ethereum provider should impelement the interface as defined by EIP-1193.
// Web Auth Usage
import { EthereumWebAuth, getAccountId } from '@didtools/pkh-ethereum'
// ...
const ethProvider = // import/get your web3 eth provider
const addresses = await ethProvider.request({ method: 'eth_requestAccounts' })
const accountId = await getAccountId(ethProvider, addresses[0])
const authMethod = await EthereumWebAuth.getAuthMethod(ethProvider, accountId)
To Auth in a Node based env, use any standard web3 provider interface with EthereumNodeAuth
// Node Auth Usage
import { EthereumNodeAuth, getAccountId } from '@didtools/pkh-ethereum'
// ...
const ethProvider = // import/get your web3 eth provider
const addresses = await ethProvider.request({ method: 'eth_requestAccounts' })
const accountId = await getAccountId(ethProvider, addresses[0])
const appName = 'MyNodeApp'
const authMethod = await EthereumNodeAuth.getAuthMethod(ethProvider, accountId, appName)
To use with did-session and reference did-session docs for more details.
const client = new ComposeClient({ceramic, definition})
const resources = client.resources
const session = await DIDSession.authorize(authMethod, { resources })
client.setDID(session.did)
AuthMethod creators consume a standard Ethereum provider and an AccountId. AccountID follows the
CAIP10 standard. The helper method getAccountID
is provided, but you can also create an AccountID
using the CAIP library directly.
import { AccountId } from 'caip'
import { getAccountId } from '@didtools/pkh-ethereum'
const accountId = await getAccountId(ethProvider, addresses[0])
const ethMainnetChainId = '1'
const chainNameSpace = 'eip155'
const chainId = `${chainNameSpace}:${ethMainnetChainId}`
const accountIdCAIP = new AccountId({ address, chainId })
// accountId = accountIdCAIP
The EthereumNodeAuth
additionally consumes an application name. The 'EthereumWebAuth' method uses your
application domain name by default.
import { EthereumNodeAuth } from '@didtools/pkh-ethereum'
const appName = 'MyNodeApp'
const authMethod = EthereumNodeAuth.getAuthMethod(ethProvider, accountId, appName)
Verifiers are needed to verify different did:pkh signed payloads using CACAO. Libraries that need them will consume a verifiers map allowing your to register the verifiers you want to support.
import { Cacao } from '@didtools/cacao'
import { getEIP191Verifier } from '@didtools/pkh-ethereum'
import { DID } from 'dids'
const verifiers = {
...getEIP191Verifier()
}
// Directly with cacao
Cacao.verify(cacao, { verifiers, ...opts})
// With DIDS, reference DIDS for more details
const dids = //configured dids instance
await dids.verifyJWS(jws, { capability, verifiers, ...opts})
Apache-2.0 OR MIT
FAQs
Implements support to authenticate, authorize and verify with Ethereum accounts as a did:pkh with SIWE(X) and CACAO. Primarly used with `did-session` and `@didtools/cacao`.
The npm package @didtools/pkh-ethereum receives a total of 7,562 weekly downloads. As such, @didtools/pkh-ethereum popularity was classified as popular.
We found that @didtools/pkh-ethereum demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.