Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/algorandfoundation/liquid-auth

Liquid Auth Service
https://github.com/algorandfoundation/liquid-auth

authentication fido2 p2p passkeys webrtc

Last synced: about 2 months ago
JSON representation

Liquid Auth Service

Host: GitHub
URL: https://github.com/algorandfoundation/liquid-auth
Owner: algorandfoundation
License: agpl-3.0
Created: 2024-02-12T15:27:19.000Z (7 months ago)
Default Branch: develop
Last Pushed: 2024-07-22T18:51:15.000Z (about 2 months ago)
Last Synced: 2024-07-22T22:38:12.867Z (about 2 months ago)
Topics: authentication, fido2, p2p, passkeys, webrtc
Language: TypeScript
Homepage: http://liquidauth.com/
Size: 12.5 MB
Stars: 18
Watchers: 5
Forks: 5
Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

awesome-algorand - Liquid Auth - Liquid Auth is a self-hosted authentication service that provides a simple way to associate Passkeys to KeyPair(s) commonly found in cryptocurrencies. In addition to authentication, Liquid Auth provides a Peer to Peer signaling service. Not only can you authenticate users, but you can also establish secure connections between them. (Wallets / Protocols)

README

        # Algorand Authentication Service

- [Vision](VISION.md)

- [Architecture Diagram](ARCHITECTURE.md)

- [Sequence Diagram](SEQUENCE.md)

- [Decisions](.decisions/README.md)

# Overview

This project holds the standard FIDO2 api endpoints and the Proof of Knowledge for Algorand specific private keys.

The api is a stateful session-based architecture with endpoint guards.

A user must prove ownership of a private key to associate PublicKeyCredentials

## Getting started

### Prerequisites

- Node.js 18+

- Docker

#### Clone the project

```bash

git clone [email protected]:algorandfoundation/liquid-auth.git && cd liquid-auth

```

### NGROK

**note on VPNs**: Ngrok will not work with VPNs, so to run locally the project, `disable` it or `configure` your VPN's split tunneling to allow ngrok traffic.

Sign up for a free account at [ngrok](https://ngrok.com/) and follow the instructions to get your  and .

#### With Docker

Don't run the ngrok commands directly as expressed in the ngrok guide as it will create run-time port conflicts.

#### Without Docker

ngrok will ask you to add your auth token to your configuration file.

``` bash

ngrok config add-authtoken 

```

Will then ask you to deploy your static domain, make sure to change the port to **5173** like this:

``` bash

ngrok http --domain= 5173

```

#### Configure NGROK

Add a `ngrok.yml` configuration to the root directory.

##### Example Configuration

```yaml

version: 2

authtoken: 

tunnels:

  website:

    addr: liquid-auth:5173

    proto: http

    domain: 

```

*Make sure to update the `authtoken` and `domain` in the `ngrok.yml` file with your ngrok details.*

#### Update the Service's .env.docker file

Update the [.env.docker](.env.docker) file with the following keys with the values from ngrok:

```bash

HOSTNAME=

ORIGIN=https://

```

### Start services

Run the following command to start the backend:

```bash

docker-compose up -d

```

Navigate to the ngrok URL in your browser to test the FIDO2 feature.

## Using the app

#### Install the [Android client](https://github.com/algorandfoundation/liquid-auth-android/releases) to your device.

![Step-1.png](.docs%2FStep-1.png)

### QR Connect

Open the Connect Modal on the website and scan the QR code using the "Connect" button on the Android device.

Follow the instructions on the Android device to register a credential.

![Step-1-QRCode.png](.docs%2FStep-1-QRCode.png)

### Peer to Peer

Once the credential is registered, you can send messages over the peer connection.

![Step-2.png](.docs%2FStep-2.png)