Skip to content

OmniAuth strategy for authenticating against the Trezor Connect

License

Notifications You must be signed in to change notification settings

kraxnet/omniauth-trezor

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

omniauth-trezor gem badge dotate

omniauth-trezor provides an OmniAuth strategy for Trezor Connect.

With this strategy your users can use popular Bitcoin Trezor to login to your website.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-trezor'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-trezor

Usage

In Rails app, add config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :trezor, hosticon: "https://image.url"
end

Or, in a Sinatra app:

use OmniAuth::Builder do
  provider :trezor, hosticon: 'https://example.com/icon.png'
end

post '/auth/trezor/callback' do
  auth = request.env['omniauth.auth]
  # Use the auth info
end

Options

These are the options you can specify that are relevant to Omniauth Trezor:

Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.

  • :visual_challenge - Text that will be shown on the device (defaults to Time.now.strftime("%Y-%m-%d %H:%M:%S"))
  • :hidden_challenge - Hidden randomized hex string used to protect agains replay attacks (defaults to SecureRandom.hex(32))
  • :hosticon - Optional site icon https url. Should be at least 48x48px.

Callback phase

After successful authentication request.env['omniauth.auth'].extra contains all data that was used to verify the signature: visual_challenge, hidden_challenge, signature and public_key for your additional needs (ie. audit log).

Donations

Please support development of this library by donating at: 1EqK3cYaeRWnzzEYTXcXsWBhukJcv5EpXQ

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/kraxnet/omniauth-trezor.

License

The gem is available as open source under the terms of the MIT License.

About

OmniAuth strategy for authenticating against the Trezor Connect

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages