Identifiers
By default the server-side sets a userIdentifier
during the registration and login process. This userIdentifier
does not even need to be exposed to be exposed to a client.
opaque.client.finishRegistration
, opaque.server.startLogin
and opaque.client.finishLogin
all accept an optional object identifiers
. It accepts an optional string value for the property client
and an optional string value for server
.
type Identifiers = {
client?: string;
server?: string;
};
The identifiers will be public, but cryptographically bound to the registration record.
Once provided in the opaque.client.finishRegistration
function call, the identical identifiers must be provided in the opaque.server.startLogin
and opaque.client.finishLogin
function call. Otherwise the login will result in an error.
Example
Registration
// client
const { registrationRecord } = opaque.client.finishRegistration({
clientRegistrationState,
registrationResponse,
password,
identifiers: {
client: "[email protected]",
server: "mastodon.example.com",
},
});
// send registrationRecord to server and create user account
Login
// server
const { serverLoginState, loginResponse } = opaque.server.startLogin({
serverSetup,
userIdentifier,
registrationRecord,
startLoginRequest,
identifiers: {
client: "[email protected]",
server: "mastodon.example.com",
},
});
// client
const loginResult = opaque.client.finishLogin({
clientLoginState,
loginResponse,
password,
identifiers: {
client: "[email protected]",
server: "mastodon.example.com",
},
});
if (!loginResult) {
throw new Error("Login failed");
}
const { finishLoginRequest, sessionKey } = loginResult;