UNPKG

minauth-simple-preimage-plugin

Version:

A very simple Minauth plugin that allows users to authenticate by providing a preimage to a given hash.

48 lines (35 loc) 1.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# MinAuth Simple Preimage Plugin This package contains an implementation of a very simple MinAuth plugin. It functions as a proof-of-concept and an example of how to build a MinAuth plugin. It uses MINA's o1js library for its zero-knowledge proof part. ## Plugin's overview In essence the use of the plugin is equivalent to a standard hashed password approach, where server does not learn the password, but instead accepts its hash. Additionally the server/verifier part of the plugin is configured with a set of roles/accounts/acl scopes tied to hashes and if given valid proof of knowledge of a preimage of one the hashes it confirms and informs the server about the valid assumption of the role. The hash uses `Poseidon.hash` hashing function widely used in `o1js`. ## Configuration ```typescript /** * The plugin configuration schema. */ export const rolesSchema = z.record( /** Hash preimage of which is used to authorize operations */ z.string(), /** An auxilliary name for the hash - for example * a name of a role in the system */ z.string() ); export const configurationSchema = z .object({ roles: rolesSchema }) .or( z.object({ /** Alternatively, the "roles" can be loaded from a file */ loadRolesFrom: z.string() }) ); ``` The plugin configuration is either a direct mapping of roles or a path to a file storing the mapping. ## Plugin's output revocation The roles mapping can change over-time so previously accepted proofs can get outdated and invalid. MinAuth plugins support revocation of output. This plugin will revoke any output that considered a hash that is no longer resolves to the same role (or is no longer present in the mapping.)