omniauth-trezorconnect
Advanced tools
omniauth-trezorconnect provides an OmniAuth strategy for Trezor Connect Version 9.
With this strategy your users can use popular Trezor Wallet to login to your website.
Add this line to your application's Gemfile:
gem 'omniauth-trezorconnect'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-trezorconnect
In Rails app, add config/initializers/omniauth.rb: Trezor requires requires that you, as a Trezor Connect integrator, share your e-mail and application url with us. This provides with the ability to reach you in case of any required maintenance. This subscription is mandatory.
Rails.application.config.middleware.use OmniAuth::Builder do
provider :trezor, client_options: {
trezor_site: "https://examplesite.com",
trezor_email: "email@example.com"
}
end
These are the options you can specify that are relevant to Omniauth Trezor:
Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.
:visual_challenge - Text that will be shown on the device (defaults to Time.now.strftime("%Y-%m-%d %H:%M:%S")):hidden_challenge - Hidden randomized hex string used to protect agains replay attacks (defaults to SecureRandom.hex(32))After successful authentication request.env['omniauth.auth'].extra contains all data that was used to verify the signature: visual_challenge, hidden_challenge, signature and public_key for your additional needs (ie. audit log).
Bug reports and pull requests are welcome on GitHub at https://github.com/karim-semmoud/omniauth-trezorconnect.
The gem is available as open source under the terms of the MIT License.
This gem is based on the gem omniauth-trezor. A special thanks goes to Kraxnet for his amazing contribution
Updgrade Trezor Connect from version 8 to version 9
Upgrade Omniauth gem from version 1 to version 2
Add mandatory App URL and Email to be shared with Trezor
FAQs
Unknown package
We found that omniauth-trezorconnect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.