Written by Nikhil Jha (Telegram: @ReverseCold)

Decentralized websites and applications shouldn’t have to rely on the outdated authentication system of usernames and passwords. To sign in, a user has to remember a password for each service. Even with a password manager, passwords are still susceptible to being stolen when a website is hacked.

Meet NEMid, a secure way to sign in for the modern era. Using secure public key cryptography, NEMid can sign you into compatible websites and apps with only a NEM account through a standalone application.

Protocol Explanation

This is a technical description of the protocol behind NEMid. It is useful if you wish to implement NEMid in your website. If you would just like a demo of the technology, scroll down to the sample implementation section.

Application / Website Side

The application wishing to implement NEMid needs to generate a link in the nemid:// format. The format is as follows:

nemid://unique-string/https-callback-url/

The unique-string is a long, unique string, generated randomly (or deterministically). It identifies the session that will be signed in once the callback arrives. This “UUID” can be generated following RFC 4122, or however the application owner decides, as long as it is unique and time sensitive.

The https-callback-url is simply a callback URL that the client will visit in order to send back the signed string. It takes three parameters: sig, pub, and uuid.

Upon receiving the callback, the website should verify the signature and sign the user into either the original session (the one identified by uuid) or a new session.

Client Side

The entire NEMid string is signed, including the callback URL and the nemid:// prefix at the beginning. The result is then sent to the callback URL as https://https-callback-url?sig=&pub=&uuid=.

Sample Implementation

Server Side

A dummy server is available on GitHub. It gives a fake login experience for you to try out NEMid. This needs to be hosted behind an HTTPS proxy for it to work properly.

The demo server is, at time of publication, hosted at feint.io, so after installing the client, you can try it out with a mainnet account.

Client Side

A standalone desktop application is available on GitHub for both Mac and Windows.

How To Use Samples

For the server, just run npm install and then node index.js.

Once the dummy server is running...

Open the client app. Go to http://feint.io for the hosted version, or http://localhost/ for the local version. Click on the link, then fill out the rest of the information in the client.

Note: If using localhost your browser may fail to connect. Just add an http before localhost in the browser URL bar. This is because NEMid REQUIRES SSL, and the dummy server does not have SSL. If you want to remove this step, you’ll have to run the dummy server behind an SSL nginx proxy or similar.

Conclusion

If you’re building a website or an app that focuses on users of NEM and other cryptocurrencies, add NEMid for a modern, secure experience!