EthOTP is a Node.js implementation of Ethereum One-Time Password (EthOTP) Authentication. It provides a costless mechanism for securely determining Ethereum address ownership off-chain, on any Ethereum network, without transmitting the private key.
This module is meant to be used as middleware for conventional web authentication implementations, such as session-based or token-based authentication.
- Client requests a challenge-string from server
- Server uses EthOTP to generate a challenge-string and send it to the client (whilst storing the challenge-string)
- The client signs the challenge-string with their private key (via MetaMask/hardware wallet/whatever) and sends it back
- Server receives the signed challenge-string, verifies it (the signature matches the challenge-string) and validates it (the challenge-string was generated by EthOTP and has not expired)
- Server then has proof of ownership of the address, and can then continue to authenticate the client via JWT or something else
- Message board where users are not allowed to post unless they have a certain amount of ETH or token
- Removing username/password authentication requirements (sign in using address only, then linking that to accounts)
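```js
// Server side: generate the challenge-string to send to the client
let challengeString = ethotp.generateChallenge();

// Later: message is the challenge-string the client sent back,
// signature is the client's signature over it, address is the claimed signer
let isVerifiedAndValid = ethotp.validateAndVerify(message, signature, address);
```
`isVerifiedAndValid` is a boolean indicating whether the signature is a signature over the message and the address is the signer of that message.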
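One way to implement the "validates" half of the flow above (the challenge was issued by this server, has not expired, and is accepted only once), as an added example that is not EthOTP's own code. The function names, the `nonce.expiry.mac` challenge layout, the five-minute lifetime and the caller-supplied `verifySignature` callback are assumptions made for this example.

```javascript
// Added example, not EthOTP's code; every name and constant below is an assumption.
const crypto = require('node:crypto');

const SERVER_KEY = crypto.randomBytes(32); // secret known only to the server
const TTL_MS = 5 * 60 * 1000;              // challenge lifetime
const pending = new Map();                 // nonce -> expiry: the stored challenges

function mac(payload) {
  return crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');
}

// Issue a challenge of the form "nonce.expiry.mac" and store its nonce.
function issueChallenge(now = Date.now()) {
  for (const [n, exp] of pending) if (exp < now) pending.delete(n); // drop stale entries
  const nonce = crypto.randomBytes(16).toString('hex');
  const expiry = now + TTL_MS;
  pending.set(nonce, expiry);
  const payload = `${nonce}.${expiry}`;
  return `${payload}.${mac(payload)}`;
}

// Validate: issued by this server, still stored (not replayed), not expired.
function validateChallenge(challenge, now = Date.now()) {
  const parts = String(challenge).split('.');
  if (parts.length !== 3) return false;
  const [nonce, expiry, given] = parts;
  const a = Buffer.from(given);
  const b = Buffer.from(mac(`${nonce}.${expiry}`));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return false; // not ours
  if (!pending.delete(nonce)) return false; // unknown or already used (replay)
  return now <= Number(expiry);
}

// Validate first, then verify. The challenge is consumed before the signature
// check, so a failed attempt cannot be retried against the same challenge.
// verifySignature(message, signature, address) is supplied by the caller.
function checkLogin(challenge, signature, address, verifySignature, now = Date.now()) {
  if (!validateChallenge(challenge, now)) return false;
  return verifySignature(challenge, signature, address) === true;
}
```

In a multi-process deployment the `pending` map would need to live in a shared store so that a challenge consumed on one instance cannot be replayed on another.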
```sh
npm install ethotp
npm test
```
If you find any vulnerabilities, please let me know on GitHub as an issue, thanks ٩( ''ω'' )و