npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

passkeys-prf-client

v1.0.66

Published

A client npm package for passkeys authentication with PRF functionality

Downloads

77

Readme

passkeys-prf-client

This package provides a JavaScript client for interacting with a Passwordless authentication service that utilizes Passkeys and Proof-of-Possession (PoP) based on a user's private key.

Installation

npm install passkeys-prf-client

Prerequisites

Before you can use the passkeys-prf-client package, ensure you have completed the following steps:

  1. Create an Account on Bitwarden Passwordless.dev:

    • Sign up for an account on Passwordless.dev.
    • After signing up, create a new application within your account.
    • Once the application is created, retrieve the Public API Key, which will be required when configuring this package.
  2. Set Up a RESTful Backend API Server:

    • You need a backend API server that handles passkey authentication, initiating sign-ups, and verifying sign-ins with the Passwordless.dev private API service.

    • To get started, read the following documentation:

    • In your backend API, you will need to create the following endpoints:

      1. POST /passkeys-auth/signup/begin - Initiates the sign-up process.
      2. POST /passkeys-auth/signup/complete - Completes the sign-up process, checks with the Passwordless.dev server to confirm user registration, and sets a flag in your database.
      3. POST /passkeys-auth/signin/verify - Verifies the sign-in process.
      4. GET /passkeys-auth/credentials/list - Retrieves a list of all passkey credentials associated with a user. (At least one of userId or authToken is required)
      5. DELETE /passkeys-auth/credentials/delete - Deletes a specific passkey credential associated with a user. (credentialId must be provided in the request body)

Ensure your backend API server is configured with the Private API Key obtained from Passwordless.dev (as outlined in Step 1).

Usage

Import the PasswordlessService class

import { PasswordlessService } from 'passkeys-prf-client';

Instantiate the PasswordlessService class

const passwordlessService = new PasswordlessService('YOUR_PUBLIC_API_KEY', 'YOUR_BACKEND_API_ROOT_URL');
  • Replace YOUR_PUBLIC_API_KEY with your public API key obtained from the Bitwarden Passwordless service provider.
  • Replace YOUR_BACKEND_API_ROOT_URL with the root URL of your backend API that handles Passwordless authentication.

Browser Support

This client library requires the PublicKeyCredential API to be supported by the browser. This functionality is generally available in modern browsers. You can use the isBrowserSupported method to check for browser compatibility before proceeding.

passwordlessService.isBrowserSupported();

Passwordless Sign-up

  1. Initiate sign-up by providing the user's name and email address.
const signupResult = await passwordlessService.signup('John Doe', '[email protected]');

if (signupResult.error) {
  // Handle sign-up error
  console.error(signupResult.error);
} else {
  const { isPrfSupported, prfKey } = signupResult;
  // Use isPrfSupported to check if Proof-of-Possession is enabled and prfKey for the generated key (if available)
}
  1. The sign-up process typically involves user interaction with a browser window to create a new Passkey credential.

Passwordless Sign-in

There are two primary methods for signing in:

  • Using an alias (username)
const signinResult = await passwordlessService.signinWithAlias('johndoe');

if (signinResult.error) {
  // Handle sign-in error
  console.error(signinResult.error);
} else {
  const { isPrfSupported, prfKey } = signinResult;
  // Use isPrfSupported to check if Proof-of-Possession is enabled and prfKey for the retrieved key (if available)
}
  • Using browser autofill (if supported)
const signinResult = await passwordlessService.signinWithAutofill();

if (signinResult.error) {
  // Handle sign-in error
  console.error(signinResult.error);
} else {
  const { isPrfSupported, prfKey } = signinResult;
  // Use isPrfSupported to check if Proof-of-Possession is enabled and prfKey for the retrieved key (if available)
}

Error Handling

All methods that interact with the Passwordless service return a Promise that resolves to an object with an error property in case of errors or a result object containing details.

API Reference

The PasswordlessService class provides the following methods:

  • isBrowserSupported(): Checks if the browser supports the PublicKeyCredential API.
  • signup(name: string, email: string): Initiates user sign-up.
  • signinWithAlias(alias: string): Signs in a user using an alias (username).
  • signinWithAutofill(): Signs in a user using browser autofill (if supported).
  • signupOrSigninAbort(): Aborts any ongoing SignIn or SignUp operation.
  • getUserPasskeyCredentials(): Lists all passkey credentials associated with a user.
  • deleteUserPasskeyCredential(): Deletes passskey credential of a user.

Additional Notes

  • This client library interacts with a Passwordless service and the specific API behavior might differ depending on the service provider's implementation.
  • Refer to the Passwordless service provider's documentation for detailed information on their API endpoints and functionalities.