{"id":13515824,"url":"https://github.com/stellar-expert/albedo","last_synced_at":"2025-03-31T05:31:02.271Z","repository":{"id":47463086,"uuid":"242985688","full_name":"stellar-expert/albedo","owner":"stellar-expert","description":"Security-centric, developer-friendly, easy-to-use delegated signer and keystore for Stellar Network","archived":false,"fork":false,"pushed_at":"2025-02-18T12:42:00.000Z","size":4132,"stargazers_count":67,"open_issues_count":18,"forks_count":16,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-20T10:05:54.921Z","etag":null,"topics":["delegated-signer","keystore","stellar","wallet"],"latest_commit_sha":null,"homepage":"https://albedo.link","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stellar-expert.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-25T11:41:02.000Z","updated_at":"2025-03-10T05:01:34.000Z","dependencies_parsed_at":"2024-01-13T19:25:41.011Z","dependency_job_id":"27007e47-cd43-49c5-818a-b3d5b3179600","html_url":"https://github.com/stellar-expert/albedo","commit_stats":{"total_commits":151,"total_committers":5,"mean_commits":30.2,"dds":0.152317880794702,"last_synced_commit":"50a15d1f9716461bb97d9c91a4f526ea230818b5"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stellar-expert%2Falbedo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stellar-expert%2Falbedo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stellar-expert%2Falbedo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stellar-expert%2Falbedo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stellar-expert","download_url":"https://codeload.github.com/stellar-expert/albedo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246413230,"owners_count":20773053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["delegated-signer","keystore","stellar","wallet"],"created_at":"2024-08-01T05:01:16.363Z","updated_at":"2025-03-31T05:30:59.658Z","avatar_url":"https://github.com/stellar-expert.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# Albedo\n\n[**Albedo**](https://albedo.link) provides a safe and reliable way to use\nStellar accounts without trusting anyone with a secret key.\n\nIt works like a bridge for other applications that allows them to ask\npermissions to sign a transaction or verify identity on user's behalf, so the\nsame account can be used across the whole universe of Stellar applications.\nSensitive data is encrypted and safely stored in the browser – no one has access\nto user's secret key.\n\nFrom the developer's perspective, it takes only a few lines of code to turn\nany website into a production-ready Stellar wallet. Transactions building,\nsigning, validation, errors handling – we have everything covered. There is no\nneed to implement a keystore, build a dozen interfaces for transaction\nprocessing, and worry about security. In fact, things like payment request\ncan be implemented without any coding at all, therefore allowing instant\n\"stellarization\" of any marketplace or even simple Wordpress site by simply\ncopy-pasting code produced by the \n[payment request generator](https://albedo.link/playground#payment-request).\n\nAt the same time, Albedo provides a set of low-level tools for working with\ncomplex multi-sig schemes, making it a perfect match for advanced Stellar-based\napplications and smart-contracts.\n\nThis project consists of two parts:\n\n- [Frontend](./frontend) interface for [albedo.link](https://albedo.link)\nwebsite and browser extension UI – a thin wrapper which extends the\nfunctionality of the main website.\n- [Intent](./intent) library – a lightweight browser wrapper for Albedo API\nthat provides a promise-based interface for all supported intents.\n\nFor those who often use Stellar account we built browser extension – a thin\nwrapper on top of [albedo.link](https://albedo.link) website which has the same\nfunctionality as the main website, plus a few bonuses.\n\n## Features\n\n- Secure key management – secret keys never exposed to third-party services.\n- Secure transaction signing – browser sandbox guarantees isolated transactions\nsigning environment.\n- Web apps Single Sign-On – login to third-party websites, just like with Google\nor Facebook OAuth.\n- Multi-account support – use multiple accounts and switch them when you need it.\n- Message signing tools – sign and verify arbitrary data with your private keys.\n- [SEP-0007](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0007.md)\ncompatible – automatically handles \"web+stellar\" links.\n- Works everywhere – the same account operates seamlessly on desktops,\nsmartphones, and any other device that has modern browser installed.\n\n## How it works\n\nThe easiest way to start exploring Albedo is to play around with the demo \n[playground](https://albedo.link/demo). \n\nAlbedo can be integrated on any website in three simple steps:\n\n1. Download and install Albedo intent NPM package:\n\n   ```shell script\n   npm i -S @albedo-link/intent\n   ```\n   \n2. Import the intent interface:\n\n   ```js\n   import albedo from '@albedo-link/intent'\n   ```\n   \n3. Invoke an intent as a reaction on button click or something similar:\n\n   ```js\n   document.getElementById('#btn').addEventListener('click', () =\u003e {\n     albedo.pay({\n       amount: '10',\n       destination: 'GCKOQGMTULKR55EWNHAXXJLTL25J3LT6BHHLBMDAVFKX3E32PCYVBO7M',\n       asset_code: 'TST',\n       asset_issuer: 'GBX6YUG3KCUEOBZRPN7TXBLMNXDW35XJOKDYFYIISDKDW4Y63LBCW6EI',\n       network: 'testnet'\n     })\n       .then(res =\u003e console.log(res)) // everything is ok, parse response here\n       .catch(e =\u003e console.error(e))  // handle errors or user's rejection\n   })\n   ```\n   \n\nAlternatively, you can import the UMD build in the browser directly from\n[UNPKG](https://unpkg.com/):\n\n```html\n\u003cscript src=\"https://unpkg.com/@albedo-link/intent/lib/albedo.intent.js\"\u003e\u003c/script\u003e\n```\n\n(`albedo` is available in a global execution context) \n\n#### Available intents\n\nThe [intent module](./intent) supports the following actions (\"intents\"):\n\n- `public_key` - requests account public key\n- `sign_message` – requests arbitrary data signing\n- `tx` – requests transaction signing\n- `pay` – requests a payment\n- `trust` – requests new trustline creation\n- `exchange` – requests trading on Stellar DEX\n- `implicit_flow` – requests implicit session permission for one or more scopes\n\nCheck [intent module docs](./intent) for the detailed description, parameter\ndefinitions, and usage examples.\n\n#### Authorization flows\n\nThe signer supports three authorization flows: \n\n**Interactive flow**\n\nA popup window with request details is shown each time an initiator website\nrequests the action.\n\n1. A user invokes some action on the third-party website (a wallet, DEX\ninterface, inflation pool etc).\n2. The website prepares the requested transaction and its XDR representation\nin base64 format. Alternatively, simple operations like `pay` or `exchange` can\nbe used to request an action without building a tx.\n3. The website initiates the intent (see [available intents](#available-intents)\nlist) using `albedo-intent` module that provides an interface for all supported\nintents.\n4. In turn, `albedo-intent` module opens new pop-up window pointing to\n`albedo.link`. Intent parameters are transmitted via `postMessage` API once\nthe pop-up is open.\n5. Albedo reads parameters and asks the user for a confirmation.\n6. A user chooses an account from the list of stored accounts (or adds a new\none) and confirms the action.\n7. Albedo signs the transaction the same way any other wallet does it.\n8. A signed transaction in the XDR-serialized form sent back to the initiator site.\n9. The initiator website receives a signed transaction envelope and may choose\neither to submit it to the network or store somewhere in case if the tx needs\nmore signatures or time bounds prevent it from submitting right away.\n\nIntent confirmation dialog always contains extended request information,\nincluding intent description (like \"Sign transaction\"), initiator website\n(\"origin: example.com\"), risk level (\"high\", \"medium\", or \"low\"),\nand safety status (\"safe\" or \"potentially unsafe\"). \n\nIntent-specific details allow a user to review the request before confirmation.\nFor instance, a dialog with `tx` intent displays full transaction information\nincluding all meaningful properties and the list of operations in a\nhuman-friendly format adapted for the ordinary users.\n\n**Implicit mode**\n\nImplicit mode simplifies recurrent tasks, like using DEX or sending multiple\npayments. It works similarly to OAuth. The application first\nrequests permission to execute certain actions without showing the confirmation\ndialog window. If the a grants permission, a session token is created.\n\nWhen application consequently asks for, say, signing a transaction, the\n`intent` module sends session token alongside with the request and the action\nis executed automatically, without showing a confirmation dialog.\nThe session is valid for max 24h, or until the user closes the browser window.\nWith interaction carried completely on the client-side, it is both secure and\ntrustless.\n\nThis behavior allows implementing flow similarly to regular wallets.\nA user grants permission to the third-party application only once upon login and\nall other actions are executed transparently, without annoying repeated\nconfirmations.\n\n**SEP-0007 flow**\n\nThis callback-based flow supports [SEP-0007](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0007.md) link format.\nWhen Albedo is set as a default *web+stellar* link handler (or when the browser\nextension installed), it redirects the browser to the signing interface\ninstead of showing a pop-up authorization dialog.\n\nA signed transaction can be either submitted to the network or returned to the\nprovided callback URL via POST request.\n\n## Development\n\nPlease refer to\n \n- [Frontend](./frontend/#development---web-app) development section.\n- [Extension](./frontend/#development---extension) development section.\n- [Intent module](./intent/#development) development section.\n\n## Contributions\n\nContributions and suggestions are most welcome.\n\nPlease ensure that tests are passing before submitting the pull request.\n\n```\nnpm test\n```\n\n## Questions and feedback\n\nCheck the [issue tracker](https://github.com/stellar-expert/albedo/issues)\nfor bug reports and feature requests.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstellar-expert%2Falbedo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstellar-expert%2Falbedo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstellar-expert%2Falbedo/lists"}