ivanciric/ecdsa-auth

ECDSA based authentication for Laravel/Dingo API

dev-master 2018-11-23 14:45 UTC

Last update: 2025-01-24 05:40:59 UTC


README

Passwordless authentication based on public/private key signatures.

ECDSA implementation for Laravel/Dingo API, built with the help of the elliptic-php and keccak packages.

Installation

composer require ivanciric/ecdsa-auth

The library uses the package auto-discovery feature, so you don't need to register the service provider manually.

Publish the package configuration

php artisan vendor:publish

Configuration

After publishing the configuration, you can edit the available options in config/ecdsaauth.php.

Usage

This package presumes you have Dingo API set up. Edit the config/api.php file and set the auth key as follows:

'auth' => [
    'ivanciric\EcdsaAuth\Authenticator'
]

You should set the lookup_key and key_lookup_field in the package config to reflect your user properties.

Protect your routes by specifying the middleware:

$api->version('v1', ['middleware' => 'api.auth'], function ($api) {
    ...
});

Creating the payload

The Authorization header should contain the payload in one of the following forms:

Eth eyJlbWFpbCI6ImhhQG1hLnRvIiwibWVzc2FnZSI6IjkyNThhNjQ0Y2FmZTZ...

or

Ecdsa eyJlbWFpbCI6ImhhQG1hLnRvIiwibWVzc2FnZSI6IjkyNThhNjQ0Y2FmZTZ...

The payload itself is base64-encoded JSON with the following properties:

{
    "email": "h@ma.to", // user's email or alternative lookup field
    "message": "message that you've signed", // string
    "signature": "3046022100a94c1a..." // signed message
}

All properties are configurable.
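
The header format described above, as an added example that is not part of the ecdsa-auth package: it builds the Authorization value from a payload, parses it back, and structurally checks the signature. It assumes the default property names and that the signature is hex-encoded DER, as the sample value beginning 3046022100 suggests; the function names and the sample signature are constructed for illustration, and no cryptographic verification is performed.

```javascript
// Added example, not part of the ecdsa-auth package.
const SCHEMES = ['Eth', 'Ecdsa'];                  // prefixes shown in the README
const FIELDS = ['email', 'message', 'signature'];  // default names; configurable in the package
// Constructed sample: DER SEQUENCE of two 33-byte INTEGERs, not a real signature.
const SAMPLE_SIGNATURE = '3046' + '022100' + 'a9'.repeat(32) + '022100' + 'b7'.repeat(32);

function buildAuthHeader(scheme, payload) {
  if (!SCHEMES.includes(scheme)) throw new Error('unknown scheme: ' + scheme);
  return scheme + ' ' + Buffer.from(JSON.stringify(payload), 'utf8').toString('base64');
}

function parseAuthHeader(header) {
  const m = /^(Eth|Ecdsa) ([A-Za-z0-9+/]+={0,2})$/.exec(header);
  if (!m) throw new Error('malformed Authorization header');
  let payload;
  try {
    payload = JSON.parse(Buffer.from(m[2], 'base64').toString('utf8'));
  } catch (e) {
    throw new Error('payload is not valid JSON');
  }
  if (payload === null || typeof payload !== 'object') throw new Error('payload is not an object');
  for (const f of FIELDS) {
    if (typeof payload[f] !== 'string' || payload[f] === '') throw new Error('missing field: ' + f);
  }
  return { scheme: m[1], payload };
}

// Structural check only: 0x30 len, then 0x02 len r, 0x02 len s. No cryptographic verification.
function parseDerSignature(hex) {
  if (!/^([0-9a-f]{2})+$/i.test(hex)) throw new Error('signature is not hex');
  const b = Buffer.from(hex, 'hex');
  if (b.length < 8 || b[0] !== 0x30 || b[1] >= 0x80 || b[1] !== b.length - 2) throw new Error('bad DER SEQUENCE');
  const ints = [];
  let off = 2;
  for (let i = 0; i < 2; i++) {
    const len = b[off + 1];
    if (b[off] !== 0x02 || !len || len >= 0x80 || off + 2 + len > b.length) throw new Error('bad DER INTEGER');
    ints.push(b.subarray(off + 2, off + 2 + len).toString('hex'));
    off += 2 + len;
  }
  if (off !== b.length) throw new Error('trailing bytes after signature');
  return { r: ints[0], s: ints[1] };
}
```

A check like this is useful in a client or gateway to reject malformed headers early; the signature itself is still verified by the package on the server.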