passport-keybase
is an authentication strategy for Passport that uses the Keybase ID library for user authentication and identification. passport-keybase
exposes the KeybaseStrategy
passport strategy for use.
passport-keybase
depends on the Keybase ID library, as mentioned before. This package must be installed as a dependency in your NodeJS project and configured correctly before you can use passport-keybase
! Follow the instructions for getting that package installed and running, then proceed with the installation steps below.
Once you have the prerequisites met, simply install this package as a dependency in your NodeJS project, alongside express
, passport
, and keybase-id
.
npm install passport-keybase
The KeybaseStrategy
is fairly easy to setup once you have the keybase-id
package configured properly. KeybaseStrategy
takes two required parameters, a keybaseId
which points to an instance of the keybase-id
library, and a verify
callback, which is called upon successful user authentication and contains the authenticated user's username and Keybase Score. KeybaseStrategy
takes several optional parameters as well, including: passReqToCallback
, which changes the arguments passed to the verify
callback to include the request object as well, and signedMessageField
, verifyTxtField
, and usernameField
, which determine what field names in the request body to use for the signed message, verify text, and username authentication fields respectively.
const express = require('express');
const bodyParser = require('body-parser');
const passport = require('passport');
const KeybaseId = require('keybase-id');
const KeybaseStrategy = require('passport-keybase').Strategy;
// initialize the KeybaseId library
const keybaseId = new KeybaseId({
keybasePath: 'keybase',
minKbScore: 49,
twitterApiKey: 'abcd1234key',
twitterApiSecret: '1234abcdsecret',
});
// set `KeybaseStrategy` options
const keybaseOptions = {
keybaseId,
passReqToCallback: false,
signedMessageField: 'signedMessage',
verifyTxtField: 'verifyTxt',
usernameField: 'username',
};
// create `KeybaseStrategy` verify callback
const verifyCallback = (username, score, done) => {
// use the user's unique Keybase username to look them up in your database, returning a unique user id
const user = {
id: 1,
user: 'lookup-user-using-username',
username: username,
score: score,
};
done(null, user);
};
// use the `KeybaseStrategy` strategy
passport.use(new KeybaseStrategy(keybaseOptions, verifyCallback));
// setup the express app
const app = express();
// use bodyParse so KeybaseStrategy can parse necessary fields
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
// initialize passport
app.use(passport.initialize());
// use the KeybaseStrategy for authenticating an endpoint
app.post('/login', passport.authenticate('keybase', { session: false }), (req, res) => {
// req.user contains the result you sent back in your verify callback method, `verifyCallback`
// store the unique user id you looked up and returned in your verify callback, in a JWT token
const jwtPayload = { id: req.user.id };
const expires = moment().add(2, 'h');
const bearerToken = jwt.sign(jwtPayload, jwtOptions.secretOrKey, { expiresIn: '2h' });
// return the JWT token
res.json({ bearerToken, expires });
});
// start the server on port 3000
app.listen(3000, () => console.log('App listening on port ' + port));
A full, working code example can be found and cloned at passport-keybase-example.