By: Jonathan Brown

Previously I had written about how to sign in to an ExpressJS app using Ethereum and JWT.

As a follow-up, I am introducing web3-auth, an NPM package to sign in to the backend with Ethereum accounts.

How it works:

The Web3 environment (MetaMask / Mist) is requested to sign a message using the account’s private key.

The account address and the signed message are POSTed to the backend.

The backend verifies that the signature is correct and generates a signed JSON Web Token (JWT) proving that the holder is in control of the address.

The JWT is sent back to the web browser as an HttpOnly (not accessible from frontend JS) session cookie.
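The last two steps can be sketched with Node's built-in `crypto` module. This is an added example, not web3-auth's own code: it assumes the Ethereum signature has already been verified, and the token layout, the cookie name and the function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Called only after the backend has verified the Ethereum signature.
// The claim name mirrors req.user.loggedInAs; the token layout is an assumption.
function issueToken(address, secret, ttlSeconds, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000);
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.` +
    enc({ loggedInAs: address.toLowerCase(), iat, exp: iat + ttlSeconds });
  return `${body}.${mac(body, secret).toString('base64url')}`;
}

// Returns the claims, or null when the token is malformed, forged or expired.
function verifyToken(token, secret, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = mac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Check the MAC first, in constant time, before trusting any field.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm instead of letting the token choose it.
    if (dec(header).alg !== 'HS256') return null;
    const claims = dec(payload);
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(nowMs / 1000)) return null;
    return claims;
  } catch (e) {
    return null;
  }
}

// Cookie name is hypothetical. HttpOnly is from the post; Secure and SameSite
// are extra hardening added in this example.
function sessionCookie(token) {
  return `web3auth_session=${token}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Constructed sample values, not a real account or secret.
const sampleToken = issueToken('0x' + 'AB'.repeat(20), 'constructed-demo-secret', 3600);
console.log(sessionCookie(sampleToken));
console.log(verifyToken(sampleToken, 'constructed-demo-secret'));
```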

Now I have created a drop-in NPM package with this functionality.

https://github.com/vanbexlabs/web3-auth

It’s very easy to use:

npm install web3-auth --save

On the backend

var web3Auth = require('web3-auth');

web3Auth.attach(app, "This is my secret.");

The Ethereum address of the authenticated user making the request is in `req.user.loggedInAs`.

On the frontend

var web3AuthFrontEnd = require('web3-auth/frontend.js');

web3AuthFrontEnd.signIn(); // Call this when a sign-in button is pressed.

I also updated the demo app to use the NPM package: https://github.com/vanbexlabs/ethereum-auth-demo

You can find it on NPM here: https://www.npmjs.com/package/web3-auth

Cheers