Cryptosign-based Authentication

Wampy.js supports cryptosign-based authentication. To use it you need to provide authid, onChallenge callback and authextra as wampy instance options. Also, Wampy.js supports cryptosign authentication method with a little helper plugin "wampy-cryptosign". Just add "wampy-cryptosign" package and use provided methods as shown below.

The authextra option may contain the following properties for WAMP-Cryptosign:

Field

Type

Required

Description

pubkey

string

yes

The client public key (32 bytes) as a Hex encoded string, e.g. 545efb0a2192db8d43f118e9bf9aee081466e1ef36c708b96ee6f62dddad9122

channel_binding*

string

If TLS channel binding is in use, the TLS channel binding type, e.g. "tls-unique".

challenge

string

A client chosen, random challenge (32 bytes) as a Hex encoded string, to be signed by the router.

trustroot

string

When the client includes a client certificate, the Ethereum address of the trustroot of the certificate chain to be used, e.g. 0x72b3486d38E9f49215b487CeAaDF27D6acf22115, which can be a Standalone Trustroot or an On-chain Trustroot

*: channel_binding is not supported yet. And may be supported only in node.js environment.

'use strict';

import { Wampy } from 'wampy';
import * as wampyCS from 'wampy-cryptosign';
// or you can import only sign method
//import { sign } from 'wampy-cryptosign';

/**
 * Manual authentication using signed message
 */
wampy = new Wampy('wss://wamp.router.url', {
    realm: 'realm1',
    authid: 'joe',
    authmethods: ['cryptosign'],
    authextra: {
        pubkey: '545efb0a2192db8d43f118e9bf9aee081466e1ef36c708b96ee6f62dddad9122'
    },
    onChallenge: (method, info) => {
        console.log('Requested challenge with ', method, info);
        return wampyCS.sign('joe secret (private) key')(method, info);
    }
});

/**
 * Promise-based manual authentication using signed message
 */
wampy = new Wampy('wss://wamp.router.url', {
    realm: 'realm1',
    authid: 'micky',
    authmethods: ['cryptosign'],
    authextra: {
        pubkey: '545efb0a2192db8d43f118e9bf9aee081466e1ef36c708b96ee6f62dddad9122'
    },
    onChallenge: (method, info) => {
        return new Promise((resolve, reject) => {
            setTimeout(() => {
                console.log('Requested challenge with ', method, info);
                resolve(wampyCS.sign('micky secret (private) key')(method, info));
            }, 2000);
        });
    }
});

/**
 * Automatic CryptoSign authentication
 */
wampy = new Wampy('wss://wamp.router.url', {
    realm: 'realm1',
    authid: 'patrik',
    authmethods: ['cryptosign'],
    authextra: {
        pubkey: '545efb0a2192db8d43f118e9bf9aee081466e1ef36c708b96ee6f62dddad9122'
    },
    onChallenge: wampyCS.sign('patrik secret (private) key')
});

PreviousChallenge Response Authentication NextAutomatically chosen Authentication

Last updated 2 years ago