Request login
Challenge-response authentication via Trezor. To protect against replay attacks
you should use a server-side generated and randomized challengeHidden for every
attempt. You can also provide a visual challenge that will be shown on the
device.
The service backend needs to check whether the signature matches the generated
challengeHidden, provided challengeVisual and stored publicKey fields.
If that is the case, the backend either creates an account (if the publicKey
identity is seen for the first time) or signs in the user (if the publicKey
identity is already a known user).
To understand the full mechanics, please consult the Challenge-Response chapter of SLIP-0013: Authentication using deterministic hierarchy.
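The server-side half of the flow described above, as an added example that is not code from Trezor Connect or its reference implementations: a fresh challengeHidden per attempt, consumed on first use so a captured signature cannot be replayed, followed by the create-or-sign-in decision. The names issueChallenge and completeLogin, the session-keyed in-memory store, the five-minute lifetime, the visual text and the verifySignature callback (standing in for a SLIP-0013 signature check) are assumptions.

```javascript
const { randomBytes } = require('crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed lifetime of an unanswered challenge
const pending = new Map();              // sessionId -> { challengeHidden, challengeVisual, expires }
const users = new Map();                // publicKey -> account record

// Backs the endpoint that the client-side `callback` fetches from.
function issueChallenge(sessionId, now = Date.now()) {
  const challengeHidden = randomBytes(32).toString('hex'); // unpredictable, new for every attempt
  const challengeVisual = 'Login to example.test at ' + new Date(now).toISOString(); // constructed text
  // Overwriting any earlier entry keeps exactly one live challenge per session.
  pending.set(sessionId, { challengeHidden, challengeVisual, expires: now + CHALLENGE_TTL_MS });
  return { challengeHidden, challengeVisual };
}

// `payload` is the { address, publicKey, signature } object returned by requestLogin.
// `verifySignature(hidden, visual, publicKey, signature)` is a hypothetical hook for the real check.
function completeLogin(sessionId, payload, verifySignature, now = Date.now()) {
  const entry = pending.get(sessionId);
  pending.delete(sessionId); // single use: consumed even when verification fails
  if (!entry) return { ok: false, reason: 'unknown-or-replayed-challenge' };
  if (now > entry.expires) return { ok: false, reason: 'expired-challenge' };
  // Verify against the server's stored challenges, never values echoed back by the client.
  const valid = verifySignature(entry.challengeHidden, entry.challengeVisual,
                                payload.publicKey, payload.signature);
  if (!valid) return { ok: false, reason: 'bad-signature' };
  const isNew = !users.has(payload.publicKey);
  if (isNew) users.set(payload.publicKey, { address: payload.address, created: now });
  return { ok: true, action: isNew ? 'account-created' : 'signed-in' };
}
```

Because the challenge is deleted before the signature is checked, a failed attempt also invalidates it, so each signature gets one try against one challenge.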
```javascript
const result = await TrezorConnect.requestLogin(params);
```
Params
**Optional common params**
The common parameter useEmptyPassphrase is always set to true, and any value passed for it is ignored by this method.
Login using server-side async challenge
- callback - required function which will be called from API to fetch challengeHidden and challengeVisual from server
Login without async challenge
- challengeHidden - required string hexadecimal value
- challengeVisual - required string text displayed on Trezor
Example
Login using server-side async challenge
```javascript
TrezorConnect.requestLogin({
    callback: function () {
        // here should be a request to server to fetch "challengeHidden" and "challengeVisual"
        return {
            challengeHidden: '0123456789abcdef',
            challengeVisual: 'Login to',
        };
    },
});
```
Login without async challenge
```javascript
TrezorConnect.requestLogin({
    challengeHidden: '0123456789abcdef',
    challengeVisual: 'Login to',
});
```
Result
```javascript
{
    success: true,
    payload: {
        address: string,
        publicKey: string,
        signature: string,
    }
}
```
Error
```javascript
{
    success: false,
    payload: {
        error: string // error message
    }
}
```
Server side examples
Here is the reference implementation of the server-side signature verification written in various languages: