blockstack
Version:
The Blockstack Javascript library for authentication, identity, and storage.
1,457 lines (785 loc) • 113 kB
HTML
<!doctype html>
<html>
<head>
<meta charset='utf-8' />
<title>blockstack 18.3.0 | Documentation</title>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<link href='assets/bass.css' type='text/css' rel='stylesheet' />
<link href='assets/style.css' type='text/css' rel='stylesheet' />
<link href='assets/github.css' type='text/css' rel='stylesheet' />
<link href='assets/split.css' type='text/css' rel='stylesheet' />
</head>
<body class='documentation m0'>
<div class='flex'>
<div id='split-left' class='overflow-auto fs0 height-viewport-100'>
<div class='py1 px2'>
<h3 class='mb0 no-anchor'>blockstack</h3>
<div class='mb1'><code>18.3.0</code></div>
<input
placeholder='Filter'
id='filter-input'
class='col12 block input'
type='text' />
<div id='toc'>
<ul class='list-reset h5 py1-ul'>
<li><a
href='#authentication'
class="h5 bold black caps">
Authentication
</a>
</li>
<li><a
href='#redirecttosignin'
class="">
redirectToSignIn
</a>
</li>
<li><a
href='#issigninpending'
class="">
isSignInPending
</a>
</li>
<li><a
href='#handlependingsignin'
class="">
handlePendingSignIn
</a>
</li>
<li><a
href='#loaduserdata'
class="">
loadUserData
</a>
</li>
<li><a
href='#isusersignedin'
class="">
isUserSignedIn
</a>
</li>
<li><a
href='#signuserout'
class="">
signUserOut
</a>
</li>
<li><a
href='#makeauthrequest'
class="">
makeAuthRequest
</a>
</li>
<li><a
href='#generateandstoretransitkey'
class="">
generateAndStoreTransitKey
</a>
</li>
<li><a
href='#redirecttosigninwithauthrequest'
class="">
redirectToSignInWithAuthRequest
</a>
</li>
<li><a
href='#getauthresponsetoken'
class="">
getAuthResponseToken
</a>
</li>
<li><a
href='#profiles'
class="h5 bold black caps">
Profiles
</a>
</li>
<li><a
href='#extractprofile'
class="">
extractProfile
</a>
</li>
<li><a
href='#wrapprofiletoken'
class="">
wrapProfileToken
</a>
</li>
<li><a
href='#signprofiletoken'
class="">
signProfileToken
</a>
</li>
<li><a
href='#verifyprofiletoken'
class="">
verifyProfileToken
</a>
</li>
<li><a
href='#validateproofs'
class="">
validateProofs
</a>
</li>
<li><a
href='#lookupprofile'
class="">
lookupProfile
</a>
</li>
<li><a
href='#storage'
class="h5 bold black caps">
Storage
</a>
</li>
<li><a
href='#getfile'
class="">
getFile
</a>
</li>
<li><a
href='#putfile'
class="">
putFile
</a>
</li>
<li><a
href='#encryptcontent'
class="">
encryptContent
</a>
</li>
<li><a
href='#decryptcontent'
class="">
decryptContent
</a>
</li>
<li><a
href='#getappbucketurl'
class="">
getAppBucketUrl
</a>
</li>
<li><a
href='#getuserappfileurl'
class="">
getUserAppFileUrl
</a>
</li>
<li><a
href='#detectprotocollaunch'
class="">
detectProtocolLaunch
</a>
</li>
<li><a
href='#getnameprice'
class="">
getNamePrice
</a>
</li>
<li><a
href='#getnamespaceprice'
class="">
getNamespacePrice
</a>
</li>
<li><a
href='#getgraceperiod'
class="">
getGracePeriod
</a>
</li>
<li><a
href='#getnamesowned'
class="">
getNamesOwned
</a>
</li>
<li><a
href='#getnamespaceburnaddress'
class="">
getNamespaceBurnAddress
</a>
</li>
<li><a
href='#getnameinfo'
class="">
getNameInfo
</a>
</li>
<li><a
href='#getnamespaceinfo'
class="">
getNamespaceInfo
</a>
</li>
<li><a
href='#getzonefile'
class="">
getZonefile
</a>
</li>
<li><a
href='#getaccountstatus'
class="">
getAccountStatus
</a>
</li>
<li><a
href='#getaccounthistorypage'
class="">
getAccountHistoryPage
</a>
</li>
<li><a
href='#getaccountat'
class="">
getAccountAt
</a>
</li>
<li><a
href='#getaccounttokens'
class="">
getAccountTokens
</a>
</li>
<li><a
href='#getaccountbalance'
class="">
getAccountBalance
</a>
</li>
<li><a
href='#listfiles'
class="">
listFiles
</a>
</li>
</ul>
</div>
<div class='mt1 h6 quiet'>
<a href='http://documentation.js.org/reading-documentation.html'>Need help reading this?</a>
</div>
</div>
</div>
<div id='split-right' class='relative overflow-auto height-viewport-100'>
<div class='keyline-top-not py2'><section class='py2 clearfix'>
<h2 id='authentication' class='mt0'>
Authentication
</h2>
<p>Blockstack Authentication provides single sign on and authentication without third parties or remote servers. Blockstack Authentication is a bearer token-based authentication system. From an app user's perspective, it functions similar to legacy third-party authentication techniques that they're familiar with. For an app developer, the flow is a bit different from the typical client-server flow of centralized sign in services (e.g., OAuth). Rather, with Blockstack, the authentication flow happens entirely client-side.</p>
<h2>Quickstart</h2>
<p>1) Install <code>blockstack.js</code>:</p>
<pre class='hljs'>npm install blockstack --save</pre>
<p>2) Import Blockstack into your project</p>
<pre class='hljs'><span class="hljs-keyword">import</span> * <span class="hljs-keyword">as</span> blockstack <span class="hljs-keyword">from</span> <span class="hljs-string">'blockstack'</span></pre>
<p>3) Wire up a sign in button</p>
<pre class='hljs'><span class="hljs-built_in">document</span>.getElementById(<span class="hljs-string">'signin-button'</span>).addEventListener(<span class="hljs-string">'click'</span>, <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params"></span>) </span>{
blockstack.redirectToSignIn()
})</pre>
<p>4) Wire up a sign out button</p>
<pre class='hljs'><span class="hljs-built_in">document</span>.getElementById(<span class="hljs-string">'signout-button'</span>).addEventListener(<span class="hljs-string">'click'</span>, <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params"></span>) </span>{
blockstack.signUserOut(<span class="hljs-built_in">window</span>.location.origin)
})</pre>
<p>5) Include the logic to (a) load user data (b) handle the auth response</p>
<pre class='hljs'><span class="hljs-function"><span class="hljs-keyword">function</span> <span class="hljs-title">showProfile</span>(<span class="hljs-params">profile</span>) </span>{
<span class="hljs-keyword">var</span> person = <span class="hljs-keyword">new</span> blockstack.Person(profile)
<span class="hljs-built_in">document</span>.getElementById(<span class="hljs-string">'heading-name'</span>).innerHTML = person.name()
<span class="hljs-built_in">document</span>.getElementById(<span class="hljs-string">'avatar-image'</span>).setAttribute(<span class="hljs-string">'src'</span>, person.avatarUrl())
<span class="hljs-built_in">document</span>.getElementById(<span class="hljs-string">'section-1'</span>).style.display = <span class="hljs-string">'none'</span>
<span class="hljs-built_in">document</span>.getElementById(<span class="hljs-string">'section-2'</span>).style.display = <span class="hljs-string">'block'</span>
}
<span class="hljs-keyword">if</span> (blockstack.isUserSignedIn()) {
<span class="hljs-keyword">const</span> userData = blockstack.loadUserData()
showProfile(userData.profile)
} <span class="hljs-keyword">else</span> <span class="hljs-keyword">if</span> (blockstack.isSignInPending()) {
blockstack.handlePendingSignIn()
.then(<span class="hljs-function"><span class="hljs-params">userData</span> =></span> {
showProfile(userData.profile)
})
}</pre>
<p>6) Create a <code>manifest.json</code> file</p>
<pre class='hljs'>{
<span class="hljs-attr">"name"</span>: <span class="hljs-string">"Hello, Blockstack"</span>,
<span class="hljs-attr">"start_url"</span>: <span class="hljs-string">"localhost:5000"</span>,
<span class="hljs-attr">"description"</span>: <span class="hljs-string">"A simple demo of Blockstack Auth"</span>,
<span class="hljs-attr">"icons"</span>: [{
<span class="hljs-attr">"src"</span>: <span class="hljs-string">"https://helloblockstack.com/icon-192x192.png"</span>,
<span class="hljs-attr">"sizes"</span>: <span class="hljs-string">"192x192"</span>,
<span class="hljs-attr">"type"</span>: <span class="hljs-string">"image/png"</span>
}]
}</pre>
<p>Make sure your <code>manifest.json</code> file has appropriate CORS headers so that it can
be fetched via an http <code>GET</code> from any origin.</p>
<p>7) Serve your application</p>
<h2>User flow</h2>
<p>What follows is a walk through of the experience of a user, Alice, signing in to your app with Blockstack.</p>
<p>First, Alice clicks the "Sign in with Blockstack" button on your app. She is redirected to her copy of the Blockstack Browser. The Blockstack Browser shows Alice an approval dialog with information about your app including:</p>
<ul>
<li>The origin your app was served from</li>
<li>Your app's name</li>
<li>Your app's logo</li>
<li>The types of permissions and data your app is requesting</li>
</ul>
<p>Alice can choose to authenticate as one of her Blockstack IDs by selecting the ID and clicking the Approve button.</p>
<p>When she clicks approve, she's redirected back to your app. Your app gets cryptographic proof that she is who she claims to be, access to a dedicated bucket in her Gaia storage hub for your app to read and write its own data along with public information she's stored in her profile.</p>
<h2>Manifest file</h2>
<p>Blockstack apps have a manifest file based on the <a href="https://w3c.github.io/manifest/">W3C web app manifest specification</a>. The Blockstack Browser retrieves the manifest file from the app during the authentication process and displays some of the information in it such as the app name and icon to the user. The location of the app manifest file is specific in the authentication request token and <em>MUST</em> be on the same origin as the app requesting authentication.</p>
<p>Below is an example of a manifest file:</p>
<pre><code>{
"name": "Todo App",
"start_url": "http://blockstack-todos.appartisan.com",
"description": "A simple todo app build on blockstack",
"icons": [{
"src": "http://blockstack-todos.appartisan.com/logo.png",
"sizes": "400x400",
"type": "image/png"
}]
}
</code></pre>
<p>The manifest file <em>MUST</em> have <a href="https://en.wikipedia.org/wiki/Cross-origin_resource_sharing">Cross-origin resource sharing (CORS) headers</a> that allow the manifest file to be fetched from any arbitrary source. This usually means returning:</p>
<pre><code>Access-Control-Allow-Origin: *
</code></pre>
<h2>Key pairs</h2>
<p>Blockstack Authentication makes extensive use of public key cryptography. As mentioned above, we use ECDSA with the secp256k1 curve. What follows is a description of the various public-private key pairs used in the authentication process including how they're generated, where they're used and to whom the private key is disclosed.</p>
<h3>Transit private key</h3>
<p>The transit private is an ephemeral key that is used to encrypt secrets that need to be passed from the Blockstack Browser to the app during the authentication process. It is randomly generated by the app at the beginning of the authentication response. The public key that corresponds to the transit private key is stored in a single element array in the <code>public_keys</code> key of the authentication request token. The Blockstack Browser encrypts secret data such as the app private key using this public key and sends it back to the app when the user signs in to the app. The transit private key signs the app authentication request.</p>
<h3>Blockstack ID Identity address private key</h3>
<p>The identity address private key is derived from the user's keychain phrase and is the private key of the Blockstack ID that the user chooses to use to sign in to the app. It is a secret owned by the user and never leaves the user's instance of the Blockstack browser. This private key signs the authentication response token for an app to indicate that the user approves sign in to that app.</p>
<h3>App private key</h3>
<p>The app private key is an app-specific private key that is generated from the user's identity address private key using the <code>domain_name</code> as input. It is deterministic in that for a given Blockstack ID and <code>domain_name</code>, the same private key will be generated each time. The app private key is securely shared with the app on each authentication, encrypted by the Blockstack browser with the transit public key.</p>
<p>The app private key serves three functions.</p>
<ul>
<li>It is used to create the credentials that give an app access to the gaia hub storage bucket for that specific app.</li>
<li>It is used in the end-to-end encryption of files stored for the app on the user's gaia hub.</li>
<li>It serves as a cryptographic secret that apps can use to perform other cryptographic functions.</li>
</ul>
<h2>Scopes</h2>
<p>Scopes define the information and permissions an app requests from the
user during authentication. Requested scopes may be any of the following:</p>
<ul>
<li>
<p><code>store_write</code> - read and write data to the user's Gaia hub in an app-specific storage bucket</p>
</li>
<li>
<p><code>publish_data</code> - publish data so that other users of the app can discover and interact with the user</p>
</li>
<li>
<p><code>email</code> - requests the user's email if available</p>
<p> If no <code>scopes</code> array is provided to the <code>redirectToSignIn</code> or
<code>makeAuthRequest</code> functions, the default is to request <code>['store_write']</code>.</p>
</li>
</ul>
<h2>Authentication tokens</h2>
<p>The app and the Blockstack Browser communicate during the authentication flow by passing back and forth two tokens:</p>
<p>The requesting application sends the Blockstack Browser an authRequest token.
Once a user approves a sign in, the Blockstack Browser responds to the application with an authResponse token.</p>
<p>These tokens are <a href="https://jwt.io/">JSON Web Tokens</a>, and they are passed via URL query strings.</p>
<h3>JSON Web Token signatures</h3>
<p>Blockstack's authentication tokens are based on the <a href="https://tools.ietf.org/html/rfc7519">RFC 7519 OAuth JSON Web Token (JWT)</a> with additional support for the secp256k1 curve used by bitcoin and many other cryptocurrencies.</p>
<p>This signature algorithm is indicated by specifying <code>ES256K</code> in the token's <code>alg</code> key, specifying that the JWT signature uses ECDSA with the secp256k1 curve. We provide both <a href="https://github.com/blockstack/jsontokens-js">JavaScript</a> and <a href="https://github.com/blockstack/ruby-jwt-blockstack/tree/ruby-jwt-blockstack">Ruby</a> JWT libraries with support for this signing algorithm.</p>
<h3>Authentication request payload schema</h3>
<pre class='hljs'><span class="hljs-keyword">const</span> requestPayload = {
jti, <span class="hljs-comment">// UUID</span>
iat, <span class="hljs-comment">// JWT creation time in seconds</span>
exp, <span class="hljs-comment">// JWT expiration time in seconds</span>
iss, <span class="hljs-comment">// legacy decentralized identifier generated from transit key</span>
public_keys, <span class="hljs-comment">// single entry array with public key of transit key</span>
domain_name, <span class="hljs-comment">// app origin</span>
manifest_uri, <span class="hljs-comment">// url to manifest file - must be hosted on app origin</span>
redirect_uri, <span class="hljs-comment">// url to which browser redirects user on auth approval - must be hosted on app origin</span>
version, <span class="hljs-comment">// version tuple</span>
do_not_include_profile, <span class="hljs-comment">// a boolean flag asking browser to send profile url instead of profile object</span>
supports_hub_url, <span class="hljs-comment">// a boolean flag indicating gaia hub support</span>
scopes <span class="hljs-comment">// an array of string values indicating scopes requested by the app</span>
}</pre>
<h3>Authentication response payload schema</h3>
<pre class='hljs'> <span class="hljs-keyword">const</span> responsePayload = {
jti, <span class="hljs-comment">// UUID</span>
iat, <span class="hljs-comment">// JWT creation time in seconds</span>
exp, <span class="hljs-comment">// JWT expiration time in seconds</span>
iss, <span class="hljs-comment">// legacy decentralized identifier (string prefix + identity address) - this uniquely identifies the user</span>
private_key, <span class="hljs-comment">// encrypted private key payload</span>
public_keys, <span class="hljs-comment">// single entry array with public key</span>
profile, <span class="hljs-comment">// profile object or null if passed by profile_url</span>
username, <span class="hljs-comment">// blockstack id username (if any)</span>
core_token, <span class="hljs-comment">// encrypted core token payload</span>
email, <span class="hljs-comment">// email if email scope is requested & email available</span>
profile_url, <span class="hljs-comment">// url to signed profile token</span>
hubUrl, <span class="hljs-comment">// url pointing to user's gaia hub</span>
version <span class="hljs-comment">// version tuple</span>
}</pre>
<h2><code>blockstack:</code> custom protocol handler</h2>
<p>The <code>blockstack:</code> custom protocol handler is how Blockstack apps send their authentication requests to the Blockstack Browser. When the Blockstack Browser is installed on a user's computer, it registers itself as the handler for the <code>blockstack:</code> customer protocol.</p>
<p>When an application calls <a href="http://blockstack.github.io/blockstack.js/index.html#redirecttosignin"><code>redirectToSignIn</code></a> or <a href="http://blockstack.github.io/blockstack.js/index.html#redirecttosigninwithauthrequest"><code>redirectToSignInWithAuthRequest</code></a>, blockstack.js checks if a blockstack: protocol handler is installed and, if so, redirects the user to <code>blockstack:<authRequestToken></code>. This passes the authentication request token from the app to the Blockstack Browser, which will in turn validate the request and display an authentication dialog.</p>
<h2>Adding Blockstack Authentication to your app</h2>
<p>The way you can add Blockstack Authentication to you app depends on whether your app is a modern decentralized Blockstack App where code runs client-side without trusted servers or a legacy client-server app where a server is trusted.</p>
<h3>Authentication in Client-side apps</h3>
<p>This method is appropriate for decentralized client-side apps where the user's zone of trust - the parts of the app that the user is trusting - begins and ends with the code running on their own computer. In apps like these, any code the app interacts with that's not on their own computer such as external servers does not need to know who she is.</p>
<p><a href="https://github.com/blockstack/blockstack.js">Blockstack.js</a> provides API methods that help you to implement Blockstack Authentication in your client-side app.</p>
<h4>Standard flow</h4>
<p>The preferred way to implement authentication in these apps is to use the standard flow. This flow hides much of the process behind a few easy function calls and makes it very fast to get up and running.</p>
<p>In this process you'll use these four functions:</p>
<ul>
<li><code>redirectToSignIn</code></li>
<li><code>isSignInPending</code></li>
<li><code>handlePendingSignIn</code></li>
<li><code>loadUserData</code></li>
</ul>
<h5>Starting the sign in process</h5>
<p>When your app wants to start the sign in process, typically when the user clicks a "Sign in with Blockstack" button, your app will call the <a href="http://blockstack.github.io/blockstack.js/index.html#redirecttosignin"><code>redirectToSignIn</code></a> method of <a href="https://github.com/blockstack/blockstack.js">blockstack.js</a>.</p>
<p>This creates an ephemeral transit key, stores it in the web browser's <code>localStorage</code>, uses it to create an authentication request token and finally redirects the user to the Blockstack browser to approve the sign in request.</p>
<h5>Handling an authentication response</h5>
<p>When a user approves a sign in request, the Blockstack Browser will return the signed authentication response token to the <code>redirectURI</code> specified in <code>redirectToSignIn</code>.</p>
<p>To check for the presence of this token, your app should call <code>isSignInPending</code>. If this returns <code>true</code>, the app should then call <code>handlePendingSignIn</code>. This decodes the token, returns the signed-in-user's data, and simultaneously storing it to <code>localStorage</code> so that it can be retrieved later with <code>loadUserData</code>.</p>
<pre class='hljs'><span class="hljs-keyword">import</span> * <span class="hljs-keyword">as</span> blockstack <span class="hljs-keyword">from</span> <span class="hljs-string">'blockstack'</span>
<span class="hljs-keyword">if</span> (blockstack.isSignInPending()) {
blockstack.handlePendingSignIn()
.then(<span class="hljs-function"><span class="hljs-params">userData</span> =></span> {
<span class="hljs-keyword">const</span> profile = userData.profile
})
}</pre>
<h4>Manual flow</h4>
<p>Alternatively, you can manually generate your own transit private key and/or authentication request token. This gives you more control over the experience.</p>
<p>For example, you could use the following code to generate an authentication request on <code>https://alice.example.com</code> or <code>https://bob.example.com</code> for an app running on origin <code>https://example.com</code>.</p>
<pre class='hljs'><span class="hljs-keyword">const</span> transitPrivateKey = generateAndStoreTransitKey()
<span class="hljs-keyword">const</span> redirectURI = <span class="hljs-string">'https://example.com/authLandingPage'</span>
<span class="hljs-keyword">const</span> manifestURI = <span class="hljs-string">'https://example.com/manifest.json'</span>
<span class="hljs-keyword">const</span> scopes = [<span class="hljs-string">'scope_write'</span>, <span class="hljs-string">'publish_data'</span>]
<span class="hljs-keyword">const</span> appDomain = <span class="hljs-string">'https://example.com'</span>
<span class="hljs-keyword">const</span> authRequest = makeAuthRequest(transitPrivateKey, redirectURI, manifestURI, scopes, appDomain)
redirectToSignInWithAuthRequest(authRequest)</pre>
<h3>Authentication in client-server apps</h3>
<p><em>Note: Client-server authentication requires using a library written in the language of your server app. There are private methods in blockstack.js that can be accomplish this on node.js server apps, but they are not currently part of our public, supported API.</em></p>
<p>Using Blockstack Authentication in client-server apps is very similar to client-side apps. You generate the authentication request using the same code in the client as described above.</p>
<p>The main difference is that you need to verify the authentication response token on the server after the user approves sign in to your app.</p>
<p>For an example of how verification can be done server side, take a look at the <a href="https://github.com/blockstack/blockstack-ruby#to-verify-an-auth-response">blockstack-ruby</a> library.</p>
</section>
</div>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='redirecttosignin'>
redirectToSignIn
</h3>
</div>
<p>Generates an authentication request and redirects the user to the Blockstack
browser to approve the sign in request.</p>
<p>Please note that this requires that the web browser properly handles the
<code>blockstack:</code> URL protocol handler.</p>
<p>Most applications should use this
method for sign in unless they require more fine grained control over how the
authentication request is generated. If your app falls into this category,
use <code>makeAuthRequest</code> and <code>redirectToSignInWithAuthRequest</code> to build your own sign in process.</p>
<div class='pre p1 fill-light mt0'>redirectToSignIn(redirectURI: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, manifestURI: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, scopes: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Array">Array</a>): void</div>
<div class='py1 quiet mt1 prose-big'>Parameters</div>
<div class='prose'>
<div class='space-bottom0'>
<div>
<span class='code bold'>redirectURI</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>`${window.location.origin}/`</code>)</code>
The location to which the identity provider will redirect the user after
the user approves sign in.
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>manifestURI</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>`${window.location.origin}/manifest.json`</code>)</code>
Location of the manifest file.
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>scopes</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Array">Array</a>
= <code>DEFAULT_SCOPE</code>)</code>
Defaults to requesting write access to
this app's data store.
An array of strings indicating which permissions this app is requesting.
</div>
</div>
</div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code>void</code>:
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='issigninpending'>
isSignInPending
</h3>
</div>
<p>Check if there is a authentication request that hasn't been handled.</p>
<div class='pre p1 fill-light mt0'>isSignInPending(): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean">Boolean</a></div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean">Boolean</a></code>:
<code>true</code>
if there is a pending sign in, otherwise
<code>false</code>
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='handlependingsignin'>
handlePendingSignIn
</h3>
</div>
<p>Try to process any pending sign in request by returning a <code>Promise</code> that resolves
to the user data object if the sign in succeeds.</p>
<div class='pre p1 fill-light mt0'>handlePendingSignIn(nameLookupURL: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, authResponseToken: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, transitKey: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise">Promise</a></div>
<div class='py1 quiet mt1 prose-big'>Parameters</div>
<div class='prose'>
<div class='space-bottom0'>
<div>
<span class='code bold'>nameLookupURL</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>''</code>)</code>
the endpoint against which to verify public
keys match claimed username
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>authResponseToken</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>getAuthResponseToken()</code>)</code>
the signed authentication response token
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>transitKey</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>getTransitKey()</code>)</code>
the transit private key that corresponds to the transit public key
that was provided in the authentication request
</div>
</div>
</div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise">Promise</a></code>:
that resolves to the user data object if successful and rejects
if handling the sign in request fails or there was no pending sign in request.
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='loaduserdata'>
loadUserData
</h3>
</div>
<p>Retrieves the user data object. The user's profile is stored in the key <code>profile</code>.</p>
<div class='pre p1 fill-light mt0'>loadUserData(): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object">Object</a></div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object">Object</a></code>:
User data object.
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='isusersignedin'>
isUserSignedIn
</h3>
</div>
<p>Check if a user is currently signed in.</p>
<div class='pre p1 fill-light mt0'>isUserSignedIn(): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean">Boolean</a></div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Boolean">Boolean</a></code>:
<code>true</code>
if the user is signed in,
<code>false</code>
if not.
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='signuserout'>
signUserOut
</h3>
</div>
<p>Sign the user out and optionally redirect to given location.</p>
<div class='pre p1 fill-light mt0'>signUserOut(redirectURL: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>): void</div>
<div class='py1 quiet mt1 prose-big'>Parameters</div>
<div class='prose'>
<div class='space-bottom0'>
<div>
<span class='code bold'>redirectURL</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>null</code>)</code>
Location to redirect user to after sign out.
</div>
</div>
</div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code>void</code>:
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='makeauthrequest'>
makeAuthRequest
</h3>
</div>
<p>Generates an authentication request that can be sent to the Blockstack
browser for the user to approve sign in. This authentication request can
then be used for sign in by passing it to the <code>redirectToSignInWithAuthRequest</code>
method.</p>
<p><em>Note: This method should only be used if you want to roll your own authentication
flow. Typically you'd use <code>redirectToSignIn</code> which takes care of this
under the hood.</em></p>
<div class='pre p1 fill-light mt0'>makeAuthRequest(transitPrivateKey: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, redirectURI: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, manifestURI: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, scopes: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Array">Array</a><<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>>, appDomain: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, expiresAt: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Number">Number</a>, extraParams: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object">Object</a>): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a></div>
<div class='py1 quiet mt1 prose-big'>Parameters</div>
<div class='prose'>
<div class='space-bottom0'>
<div>
<span class='code bold'>transitPrivateKey</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>generateAndStoreTransitKey()</code>)</code>
hex encoded transit
private key
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>redirectURI</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>`${window.location.origin}/`</code>)</code>
location to redirect user to after sign in approval
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>manifestURI</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>`${window.location.origin}/manifest.json`</code>)</code>
location of this app's manifest file
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>scopes</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Array">Array</a><<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>>
= <code>DEFAULT_SCOPE</code>)</code>
the permissions this app is requesting
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>appDomain</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>window.location.origin</code>)</code>
the origin of this app
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>expiresAt</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Number">Number</a>
= <code>nextHour().getTime()</code>)</code>
the time at which this request is no longer valid
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>extraParams</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object">Object</a>
= <code>{}</code>)</code>
Any extra parameters you'd like to pass to the authenticator.
Use this to pass options that aren't part of the Blockstack auth spec, but might be supported
by special authenticators.
</div>
</div>
</div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a></code>:
the authentication request
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='generateandstoretransitkey'>
generateAndStoreTransitKey
</h3>
</div>
<p>Generates a ECDSA keypair to
use as the ephemeral app transit private key
and stores the hex value of the private key in
local storage.</p>
<div class='pre p1 fill-light mt0'>generateAndStoreTransitKey(): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a></div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a></code>:
the hex encoded private key
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='redirecttosigninwithauthrequest'>
redirectToSignInWithAuthRequest
</h3>
</div>
<p>Redirects the user to the Blockstack browser to approve the sign in request
given.</p>
<p>The user is redirected to the <code>blockstackIDHost</code> if the <code>blockstack:</code>
protocol handler is not detected. Please note that the protocol handler detection
does not work on all browsers.</p>
<div class='pre p1 fill-light mt0'>redirectToSignInWithAuthRequest(authRequest: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>, blockstackIDHost: <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>): void</div>
<div class='py1 quiet mt1 prose-big'>Parameters</div>
<div class='prose'>
<div class='space-bottom0'>
<div>
<span class='code bold'>authRequest</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>makeAuthRequest()</code>)</code>
the authentication request generated by
<code>makeAuthRequest</code>
</div>
</div>
<div class='space-bottom0'>
<div>
<span class='code bold'>blockstackIDHost</span> <code class='quiet'>(<a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a>
= <code>DEFAULT_BLOCKSTACK_HOST</code>)</code>
the URL to redirect the user to if the blockstack
protocol handler is not detected
</div>
</div>
</div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code>void</code>:
</section>
<section class='p2 mb2 clearfix bg-white minishadow'>
<div class='clearfix'>
<h3 class='fl m0' id='getauthresponsetoken'>
getAuthResponseToken
</h3>
</div>
<p>Retrieve the authentication token from the URL query</p>
<div class='pre p1 fill-light mt0'>getAuthResponseToken(): <a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a></div>
<div class='py1 quiet mt1 prose-big'>Returns</div>
<code><a href="https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String">String</a></code>:
the authentication token if it exists otherwise
<code>null</code>
</section>
<div class='keyline-top-not py2'><section class='py2 clearfix'>
<h2 id='profiles' class='mt0'>
Profiles
</h2>
<p>Follow these steps to create and register a profile for a Blockchain ID:</p>
<ol>
<li>Create a JSON profile object</li>
<li>Split up the profile into tokens, sign the tokens, and put them in a token file</li>
<li>Create a zone file that points to the web location of the profile token file</li>
</ol>
<h3>Create a profile</h3>
<pre class='hljs'>const profileOfNaval = {
"@context": "http://schema.org/",
"@type": "Person",
"name": "Naval Ravikant",
"description": "Co-founder of AngelList"
}</pre>
<h3>Sign a profile as a single token</h3>
<pre class='hljs'>import { makeECPrivateKey, wrapProfileToken, Person } from 'blockstack'
const privateKey = makeECPrivateKey()
const person = new Person(profileOfNaval)
const token = person.toToken(privateKey)
const tokenFile = [wrapProfileToken(token)]</pre>
<h3>Verify an individual token</h3>
<pre class='hljs'><span class="hljs-keyword">import</span> { verifyProfileToken } <span class="hljs-keyword">from</span> <span class="hljs-string">'blockstack'</span>
<span class="hljs-keyword">try</span> {
<span class="hljs-keyword">const</span> decodedToken = verifyProfileToken(tokenFile[<span class="hljs-number">0</span>].token, publicKey)
} <span class="hljs-keyword">catch</span>(e) {
<span class="hljs-built_in">console</span>.log(e)
}</pre>
<h3>Recover a profile from a token file</h3>
<pre class='hljs'><span class="hljs-keyword">const</span> recoveredProfile = Person.fromToken(tokenFile, publicKey)</pre>
<h3>Validate profile schema</h3>
<pre class='hljs'><span class="hljs-keyword">const</span> validationResults = Person.validateSchema(recoveredProfile)</pre>
<h3>Where profile data is stored</h3>
<p>Profile data is stored using Gaia on the user's selected storage provider.</p>
<p>An example of a profile.json file URL using Blockstack provided storage:
<code>https://gaia.bloc