0.0
No commit activity in last 3 years
No release in over 3 years
OmniAuth strategy for authenticating against the Trezor Connect
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 1.10
~> 10.0

Runtime

~> 0.2
~> 1.9
~> 1.0
 Project Readme

omniauth-trezor gem badge dotate

omniauth-trezor provides an OmniAuth strategy for Trezor Connect.

With this strategy your users can use popular Bitcoin Trezor to login to your website.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-trezor'

And then execute:

$ bundle

Or install it yourself as:

$ gem install omniauth-trezor

Usage

In Rails app, add config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :trezor, hosticon: "https://image.url"
end

Or, in a Sinatra app:

use OmniAuth::Builder do
  provider :trezor, hosticon: 'https://example.com/icon.png'
end

post '/auth/trezor/callback' do
  auth = request.env['omniauth.auth]
  # Use the auth info
end

Options

These are the options you can specify that are relevant to Omniauth Trezor:

Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.

  • :visual_challenge - Text that will be shown on the device (defaults to Time.now.strftime("%Y-%m-%d %H:%M:%S"))
  • :hidden_challenge - Hidden randomized hex string used to protect agains replay attacks (defaults to SecureRandom.hex(32))
  • :hosticon - Optional site icon https url. Should be at least 48x48px.

Callback phase

After successful authentication request.env['omniauth.auth'].extra contains all data that was used to verify the signature: visual_challenge, hidden_challenge, signature and public_key for your additional needs (ie. audit log).

Donations

Please support development of this library by donating at: 1EqK3cYaeRWnzzEYTXcXsWBhukJcv5EpXQ

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/kraxnet/omniauth-trezor.

License

The gem is available as open source under the terms of the MIT License.