Blockstack Auth Developer Preview

We're excited to show you a preview of a new library called Blockstack Auth, which enables applications to easily build on top of Blockstack and interact with Blockstack Identity and Blockstack Storage.

The javascript library is available for installation on npm and can be installed as a node package, and then packaged up for the frontend using a library like browserify or webpack. Installing Blockstack Auth is simple:

npm install blockstack  

Here's how it works...

Blockstack Auth provides two types of objects:

  • AuthRequest
  • AuthResponse

Applications create auth requests and send them to user identity providers. Meanwhile, user identity providers receive and validate auth requests, then create auth responses and send them back to the applications. Applications validate the auth responses and the authentication process is completed.

Here's how an app developer can create an auth request:

import {makeAuthRequest} from 'blockstack'  
const authRequest = makeAuthRequest(privateKey)  

The auth request token will be base64url encoded so it can be transmitted as a URL parameter. It should look something like this:

console.log(authRequestToken)  
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpc3N1ZXIiOnsicHVibGljS2V5IjoiMDI3ZDI4Zjk5NTFjZTQ2NTM4OTUxZTM2OTdjNjI1ODhhODdmMWYxZjI5NWRlNGExNGZkZDRjNzgwZmM1MmNmZTY5IiwiYmxvY2tjaGFpbmlkIjoib25lbmFtZSJ9LCJpc3N1ZWRBdCI6MTQ0NDI1ODkzNTI1MSwiY2hhbGxlbmdlIjoiMGI0MjcyMmItZTc4MS00MzRhLTgwNWQtYzA5YzQ3NmU4NmI5IiwicGVybWlzc2lvbnMiOlsiYmxvY2tjaGFpbmlkIl19.4sMvmUQ6q5DuAEXYaVIwVSe1nzd4KjfU3hwfoUztEAx9Gwr5XmS9-sBQZ2iS_x4uxzG2de1CHlw-14ZrB9ejww'  

Here's how a user's identity provider can create an auth response on behalf of the user:

import {AuthResponse} from 'blockstack-auth'  
const authResponse = makeAuthResponse(privateKey, profile, username)  

The auth request token will be base64url encoded so it can be transmitted as a URL parameter. It should look something like this:

console.log(authResponseToken)  
'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpc3N1ZXIiOnsicHVibGljS2V5IjoiMDNmZGQ1N2FkZWMzZDQzOGVhMjM3ZmU0NmIzM2VlMWUwMTZlZGE2YjU4NWMzZTI3ZWE2NjY4NmMyZWE1MzU4NDc5IiwiYmxvY2tjaGFpbmlkIjoicnlhbiIsInB1YmxpY0tleWNoYWluIjoieHB1YjY2MU15TXdBcVJiY0ZRVnJRcjRRNGtQamFQNEpqV2FmMzlmQlZLalBkSzZvR0JheUU0NkdBbUt6bzVVRFBRZExTTTlEdWZaaVA4ZWF1eTU2WE51SGljQnlTdlpwN0o1d3N5UVZwaTJheHpaIiwiY2hhaW5QYXRoIjoiYmQ2Mjg4NWVjM2YwZTM4MzgwNDMxMTVmNGNlMjVlZWRkMjJjYzg2NzExODAzZmIwYzE5NjAxZWVlZjE4NWUzOSJ9LCJpc3N1ZWRBdCI6MTQ0NDI1OTQyMjE5NiwiY2hhbGxlbmdlIjoiMGI0MjcyMmItZTc4MS00MzRhLTgwNWQtYzA5YzQ3NmU4NmI5In0.8TLQF_PI_egjP6WVlmf2rxPH-PMgrSDHGKE7d29qxU5KBRMlHppOIx69AoBdEEFr0HSFW0mDbM60W3kHC5jc-Q'  

One thing to note is that this is the bare metal of the Blockstack authentication system. It is still in a raw form and more work is required to get it into a "plug-and-play" state.

In a future release, we'll be coming out with a comprehensive library that you can easily drop into your application and issue a few simple calls to authenticate the user. Stay tuned.