JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1
  • Score
    100M100P100Q39733F
  • License BSD-3-Clause

SnapAuth official SDK - server component for passkey and webauthn integration

Package Exports

  • @snapauth/node-sdk
  • @snapauth/node-sdk/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@snapauth/node-sdk) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

SnapAuth SDK for NodeJS

The official NodeJS SDK for SnapAuth 🫰

This is for server code. If you're looking for the client integration, check out @snapauth/sdk.

NPM Version npm bundle size GitHub License

Installation and Setup

npm i --save @snapauth/node-sdk
# yarn add @snapauth/sdk
# etc
import SnapAuth from '@snapauth/node-sdk'
const snapAuth = new SnapAuth(process.env.SNAPAUTH_SECRET_KEY)

[!TIP] The SDK will auto-detect a SNAPAUTH_SECRET_KEY environment variable. If that's where you've set up your Secret Key, you can simplify this to const snapAuth = new SnapAuth().

Usage

All examples are in TypeScript, based roughly on an ExpressJS app.

General usage is as follows:

const response = await snapAuth.someApiCall(param1, ...)
if (response.ok) {
  // Got back a 2xx
  // console.assert(response.result !== null)
  useDataFrom(response.result)
} else {
  // Any other response, or network error
  // console.assert(response.result === null)
  // console.assert(response.errors.length > 0)
  console.error(response.errors)
}

This is similar to fetch() which you're probably already familiar with.

If the API call succeeded, the response will be in response.result.

[!NOTE] Even on successful responses, response.errors may contain information, such as deprecation or usage warnings. We suggest always examining this value.

Completing credential registration

app.post('/register', async (request, response) => {
  // You should have POSTed something like this:
  // {
  //  token: string
  //  username: string
  // }
  const token = request.body.token
  const username = request.body.username
  // Do whatever you normally do to create a new User record
  const user = createUserWithUsername(username)
  // Then save the new passkey
  const credentialInfo = await snapAuth.attachRegistration(token, {
    id: user.id, // You may need to cast this to a string first, e.g. `String(user.id)`
    username: user.username, // Probably the value from above
  })
  // That's it. Proceed as normal.
})

[!NOTE] The id is what you should use during authentication; it can not be changed. The username is to make client code more straightforward, and is typically the value the user would type in to a username field.

username MAY be omitted. We automatically perform a one-way hash before storing it in order to preserve user privacy, so it will not be returned to you later.

Authenticating

app.post('/signin', async (request, response) => {
  // { token: string }
  const token = request.body.token
  const auth = await snapAuth.verifyAuthToken(token)
  if (auth.ok) {
    signInUserWithId(auth.result.user.id)
  } else {
    // Look at auth.errors and decide what, if anything, to display to the user.
  }
})

Building the SDK

Run npm run watch to keep the build running continually on file change.

To make the local version available for linking, run npm link in this directory.

In the project that should use the local version, run npm link '@snapauth/node-sdk' which will set up the symlinking.