iotauth is a 2FA module built on IOTA's Tangle ledger. To see an example of iotauth being implemented, check out Blogshot's demo at https://github.com/Blogshot/iotauth-demo. Sites wishing to implement this authentication method would follow this flow:
- present the user with a seed or allow them to provide a seed
- user backs up the seed
- site or app stores the user's seed as well
- user attempts to log in to the site
- user must attach a new address using their seed without reusing a previous address (send a 0 value transaction to their own public address)
- the transaction must be sent within the timeframe specified by the site or application (defaults to infinity)
- optionally, the app or site can specify a validation code for the user, to be sent in JSON format: {code: 'verificationcode'}
This module uses iota-seed-generator to generate IOTA seeds. It appears this module uses Windows PowerShell (when on Windows) to generate a seed, which I believe is not considered secure at this time. Please be aware of this when using the module. For more info, check this GitHub repo: https://github.com/bmavity/iota-seed-generator
Related issue: bmavity/iota-seed-generator#1
NOTE: as of 2.0.0, seed generation and code generation have been removed and are the responsibility of the consumer of this module.
Using npm:

```shell
$ npm i --save iota-auth
```

In Node.js:

```js
// with ES module imports
import { IotAuth } from 'iota-auth';
// or with require (CommonJS):
// const IotAuth = require('iota-auth').IotAuth;

// initialize with stored seed / passed seed from user
// (sample value; in practice this is the seed stored for the user)
const seed = 'PBGRWJXOALEOBXNUPCFUNWXSEXMYC9BVLLK9HMUDXNOETYJHSKBHDR9SWAWJIKVPFSBWNCNSQQJUFUPJM';
const iotaAuth = new IotAuth(seed);

// or initialize with stored seed and expiration time (minutes);
// validation then checks whether the code was passed within 6 minutes
const iotaAuthWithExpiry = new IotAuth(seed, 6);

// pass validation code
const code = 'LMNOPQ';
const isValid = await iotaAuth.isTransactionValid(code);

// get the set seed
const storedSeed = await iotaAuth.getSeed();

// validate without a code
const isValidWithoutCode = await iotaAuth.isTransactionValid();
```
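Because seed and validation-code generation are left to the consumer as of 2.0.0, the sketch below shows one way to produce both from Node's built-in CSPRNG. It is an added example, not part of iota-auth or iota-seed-generator; the function names are hypothetical, and the 6-letter code format is an assumption taken from the sample `'LMNOPQ'` above.

```javascript
// Added example (not iota-auth code): consumer-side seed and code generation.
const { randomBytes } = require('node:crypto');

const TRYTES = '9ABCDEFGHIJKLMNOPQRSTUVWXYZ'; // 27-symbol alphabet of an IOTA seed
const LETTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; // assumed alphabet for validation codes
const SEED_LENGTH = 81;                        // length of the sample seed above

// Draw `length` symbols uniformly from `alphabet` using the OS CSPRNG.
// Bytes at or above the largest multiple of alphabet.length are discarded
// (rejection sampling), so `byte % alphabet.length` has no modulo bias.
function randomString(alphabet, length) {
  const limit = 256 - (256 % alphabet.length); // 243 for the 27 trytes
  let out = '';
  while (out.length < length) {
    for (const byte of randomBytes(length * 2)) {
      if (byte < limit && out.length < length) {
        out += alphabet[byte % alphabet.length];
      }
    }
  }
  return out;
}

// Seed to present to the user and store server-side (hypothetical helper).
function generateSeed() {
  return randomString(TRYTES, SEED_LENGTH);
}

// Check a user-provided seed before storing it: exactly 81 trytes.
function isWellFormedSeed(seed) {
  return typeof seed === 'string' && /^[9A-Z]{81}$/.test(seed);
}

// One-time validation code for a login attempt (hypothetical helper).
function generateCode(length = 6) {
  return randomString(LETTERS, length);
}

// JSON message the user is asked to send with the transaction.
function buildCodeMessage(code) {
  return JSON.stringify({ code });
}
```

The generated seed is what would be passed to `new IotAuth(seed)`, and the generated code to `isTransactionValid(code)`.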