@graffiticode/auth

GC Auth

Auth application for Graffiticode applications.

API

• uid: user id, in practice this is a non 0x prefixed ethereum address.

GET /certs

Gets a JSON Web Key Set for the current set of keys being used to sign tokens.

• AUTH: none

GET /authenticate/ethereum/:address

Returns the current nonce for an ethereum address. This will generate a nonce if one does not currently exist.

• AUTH: none
• Request
  • address: used as the user id
• Response
  • nonce: Opaque random string used for authenticating with ethereum.

POST /authenticate/ethereum/:address

Performs Sign In With Ethereum processing for an address. If authentication succeeds a accessToken and refreshToken are issued to the caller.

• AUTH: none
• Request
  • address: used as the user id
  • signature: signed ethereum message with contents "Nonce: <nonce>"
• Response
  • accessToken: a short lived JWT that can be used to make authenticated calls to GC APIs (i.e. compilers or the API). This is optimization over the client having to call POST /authenticate/refresh_token.
  • refreshToken: a long lived opaque token for retrieving auth accessTokens.

POST /authenticate/refresh_token

Exchanges a refreshToken issued during authentication for a short lived JWT that can be used to make authenticated calls to the GC APIs.

• AUTH: none
• Request
  • refreshToken: the token issued during authentication
• Response
  • accessToken: a short lived JWT that can be used to make authenticated calls to GC APIs.

Development

• Start firebase emulators (NOTE: you only to do this once per GCP project).

npx firebase emulators:start

• Run GC Auth application (in another terminal)

npm run dev

• Run example usage

# Generate a signing key
curl -i -X POST http://localhost:4100/certs

node tools/run-ethereum.js