Interface: SSKS2MR
Properties
keyStorageURL
keyStorageURL:
string
keyStorageURL with which this plugin instance was created. URL of the SSKS Identity Key Storage to which it should connect.
keyStore
keyStore:
KeyStore2MR
Manual SSKS Identity Key Storage interface. For advanced use.
Methods
getFactorToken()
getFactorToken(
args
: {authFactor
:TmrAuthFactor
;challenge
:string
;sessionId
:string
; }):Promise
<{authenticatedSessionId
:string
;token
:string
; }>
Retrieve a JWT that can be used to retrieve or convert TMR access using sealdSDK.retrieveEncryptionSessionByTmr()
and sealdSDK.convertTmrAccess()
.
The returned token
is the JWT that can be used for TMR access. The returned authenticatedSessionId
is a SSKS session that is authenticated, and can be used in subsequent call without providing a challenge.
Parameters
args
authFactor
TmrAuthFactor
Authentication method of this user, to which SSKS has sent a challenge at the request of your app's server.
challenge
string
Optional. The challenge sent by SSKS to the user's authentication method. It can be omitted if the session is already authenticated (using the authenticatedSessionId
returned by a previous call)
sessionId
string
Session ID given by SSKS to your app's server.
Returns
Promise
<{authenticatedSessionId
: string
;token
: string
; }>
authenticatedSessionId
authenticatedSessionId:
string
token
token:
string
retrieveIdentity()
retrieveIdentity(
args
: {authFactor
:TmrAuthFactor
;challenge
:string
;string
;rawTwoManRuleKey
:string
;sessionId
:string
;twoManRuleKey
:string
;userId
:string
; }):Promise
<{accountInfo
:AccountInfo
;authenticatedSessionId
:string
; }>
Retrieve the Seald account previously created with initiateIdentity
.
If the identity has been stored without no challenge
, the first time the identity is retrieved afterwards, the keys of the identity in question are automatically renewed and stored again onto SSKS. If the same identity is also stored elsewhere (for example with @seald-io/sdk-plugin-ssks-password
), you will have to save it again.
It is recommended not to retrieve the same identity with ssks2MR.retrieveIdentity
on multiple devices at the same time, at the same exact instant, for example during automated tests. Please wait until one of the devices has finished retrieving the identity before starting the retrieval on another device.
The returned accountInfo
contains information about the retrieved identity. The returned authenticatedSessionId
is a SSKS session that is authenticated, and can be use in subsequent call without providing a challenge.
Parameters
args
authFactor
TmrAuthFactor
Authentication method of this user, to which SSKS has sent a challenge at the request of your app's server.
challenge
string
Optional. The challenge sent by SSKS to the user's authentication method. It can be omitted if the session is already authenticated (using the authenticatedSessionId
returned by a previous call)
email
string
Deprecated: Email of this user, to which SSKS has sent a challenge email at the request of your app's server.
rawTwoManRuleKey
string
The raw encryption key used to encrypt / decrypt the stored identity keys. This MUST be the Base64 string encoding of a cryptographically random buffer of 64 bytes. You must set either the twoManRuleKey
argument, or rawTwoManRuleKey
.
sessionId
string
Session ID given by SSKS to your app's server.
twoManRuleKey
string
Secret stored by your app's server for securing this user's identity. You must set either the twoManRuleKey
argument, or rawTwoManRuleKey
.
userId
string
The unique ID of the current user inside your app. It will be used to identify this user.
Returns
Promise
<{accountInfo
: AccountInfo
;authenticatedSessionId
: string
; }>
accountInfo
accountInfo:
AccountInfo
authenticatedSessionId
authenticatedSessionId:
string
saveIdentity()
saveIdentity(
args
: {authFactor
:TmrAuthFactor
;challenge
:string
;string
;identity
:ArrayBuffer
|Uint8Array
<ArrayBufferLike
> |Buffer
<ArrayBufferLike
>;rawTwoManRuleKey
:string
;sessionId
:string
;twoManRuleKey
:string
;userId
:string
; }):Promise
<{authenticatedSessionId
:string
;id
:string
; }>
Save the Seald account to SSKS.
The returned id
is the SSKS ID of the stored identity, which can be used by your backend to manage it. The returned authenticatedSessionId
is a SSKS session that is authenticated, and can be use in subsequent call without providing a challenge.
Parameters
args
authFactor
TmrAuthFactor
Authentication method of this user, to which SSKS has sent a challenge at the request of your app's server.
challenge
string
Optional. If the server responded with must_authenticate
to true
, this is the challenge sent by SSKS to the user's authentication method.
email
string
Deprecated: Email of this user, to which SSKS has sent a challenge email at the request of your app's server.
identity
ArrayBuffer
| Uint8Array
<ArrayBufferLike
> | Buffer
<ArrayBufferLike
>
Optional, the identity to save. If no identity is given, current one is saved.
rawTwoManRuleKey
string
The raw encryption key used to encrypt / decrypt the stored identity keys. This MUST be the Base64 string encoding of a cryptographically random buffer of 64 bytes. You must set either the twoManRuleKey
argument, or rawTwoManRuleKey
.
sessionId
string
Session ID given by SSKS to your app's server.
twoManRuleKey
string
Secret stored by your app's server for securing this user's identity. You must set either the twoManRuleKey
argument, or rawTwoManRuleKey
.
userId
string
The unique ID of the current user inside your app. It will be used to identify this user.
Returns
Promise
<{authenticatedSessionId
: string
;id
: string
; }>
authenticatedSessionId
authenticatedSessionId:
string
id
id:
string