{"id":48917861,"url":"https://github.com/stytchauth/web-bot-auth-example","last_synced_at":"2026-04-17T03:35:27.062Z","repository":{"id":318715078,"uuid":"1055855207","full_name":"stytchauth/web-bot-auth-example","owner":"stytchauth","description":"An example of signing HTTP requests for Web Bot Auth","archived":false,"fork":false,"pushed_at":"2026-03-12T19:05:09.000Z","size":141,"stargazers_count":1,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-13T01:16:37.432Z","etag":null,"topics":["web-bot-auth"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stytchauth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-12T23:18:30.000Z","updated_at":"2025-12-13T04:25:38.000Z","dependencies_parsed_at":"2025-10-11T06:24:32.425Z","dependency_job_id":"0c13a7c3-087b-4550-a00f-0adb8e02f784","html_url":"https://github.com/stytchauth/web-bot-auth-example","commit_stats":null,"previous_names":["stytchauth/web-bot-auth-example"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/stytchauth/web-bot-auth-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stytchauth%2Fweb-bot-auth-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stytchauth%2Fweb-bot-auth-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stytchauth%2Fweb-bot-auth-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stytchauth%2Fweb-bot-auth-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stytchauth","download_url":"https://codeload.github.com/stytchauth/web-bot-auth-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stytchauth%2Fweb-bot-auth-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31913791,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"online","status_checked_at":"2026-04-17T02:00:06.879Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["web-bot-auth"],"created_at":"2026-04-17T03:35:24.929Z","updated_at":"2026-04-17T03:35:27.044Z","avatar_url":"https://github.com/stytchauth.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Web Bot Auth Example\n\nThis project demonstrates Web Bot Auth using HTTP Message Signatures with Ed25519 keys.\n\nWeb Bot Auth is an emerging standard for agents, bots, and crawlers to identify themselves.\nThis project contains the code for [this walkthrough guide on how to implement Web Bot Auth signing](https://stytch.com/blog/how-to-implement-web-bot-auth-signing).\n\nFor more information, see our blog post: [Stytch supports Web Bot Auth for agent and bot verification](https://stytch.com/blog/stytch-supports-web-bot-auth).\n\n## Getting started\n\nThis project was tested with Node v22.14.0 and should work with more recent versions of Node too.\n\nInstall dependencies: `npm install`\n\nThen, run the following scripts in the workflow.\n\n## Workflow\n\nFor a detailed explanation of the code, see [this walkthrough guide on how to implement Web Bot Auth signing](https://stytch.com/blog/how-to-implement-web-bot-auth-signing).\n\nThe project has been split into three separate scripts to handle the dependency on Pinggy:\n\n### 1. Generate Keys (One-time setup)\n```bash\nnpm run generate-keys\n```\nThis generates Ed25519 key pairs and saves them as PEM files.\nOnly needs to be run once or when you want to regenerate keys.\n\n### 2. Start Key Directory (JWKS) Server\n```bash\nnpm run serve-jwks\n```\nThis starts an Express server on port 3000 that serves the public key directory on `/.well-known/http-message-signatures-directory`.\nThis directory follows the format described in the draft proposal [HTTP Message Signatures Directory](https://datatracker.ietf.org/doc/draft-meunier-http-message-signatures-directory/).\n\n### 3. Run Pinggy SSH Tunnel\n\n[Pinggy](https://pinggy.io) is a service used to expose local ports to the public internet.\nIn this repo, it is required to expose your Signature-Agent key directory to the verifier.\n\nIn a separate terminal, run the Pinggy SSH command:\n```bash\nssh -p 443 -R0:localhost:3000 free.pinggy.io\n```\nCopy the resulting Pinggy URL (e.g., `https://abcde-123-456-78-90.a.free.pinggy.link`).\n\n### 4. Sign and Fetch\n```bash\nnpm run sign-and-fetch \u003cpinggy-url\u003e\n```\nThis creates the Web Bot Auth headers and tests that Stytch [IsAgent](https://isagent.dev) correctly verifies them.\n\nOptionally, you can test directly against the Stytch API as well.\nTo do so, create a free Stytch account.\nThen set your public token (available in the [dashboard](https://stytch.com/dashboard)) as the value of the environment variable `STYTCH_PUBLIC_TOKEN` before running the `sign-and-fetch` command above.\n\n## Example Complete Workflow\n\n```bash\n# Terminal 1: Generate keys (one-time)\nnpm run generate-keys\n\n# Terminal 1: Start key directory (JWKS) server\nnpm run serve-jwks\n\n# Terminal 2: Start Pinggy tunnel\nssh -p 443 -R0:localhost:3000 free.pinggy.io\n# Copy the URL from output, e.g.: https://abcde-123-456-78-90.a.free.pinggy.link\n\n# Terminal 3: Make signed requests\nnpm run sign-and-fetch https://abcde-123-456-78-90.a.free.pinggy.link\n```\n\n## Files\n\n- `crypto-utils.js` - Shared cryptographic utilities for key loading and JWK processing\n- `generate-keys.js` - Key generation and management\n- `serve-jwks.js` - Express server for key directory (JWKS)\n- `sign-and-fetch.js` - Signature creation and signed HTTP requests\n- `test-public-key.pem` - Generated public key (PEM format)\n- `test-private-key.pem` - Generated private key (PEM format)\n\n## Dependencies\n\n[Pinggy](https://pinggy.io) is a service for exposing local ports to the public internet,\nused to host the Signature-Agent key directory.\n\nJavascript libraries:\n\n- `jose` - Used for JSON Web Keys and related standards\n- `express` - Web framework for Node.js\n- `puppeteer` - Browser automation tool\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstytchauth%2Fweb-bot-auth-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstytchauth%2Fweb-bot-auth-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstytchauth%2Fweb-bot-auth-example/lists"}