Skip to content

Interface: SSKS2MR

Properties

keyStorageURL

keyStorageURL: string

keyStorageURL with which this plugin instance was created. URL of the SSKS Identity Key Storage to which it should connect.


keyStore

keyStore: KeyStore2MR

Manual SSKS Identity Key Storage interface. For advanced use.

Methods

getFactorToken()

getFactorToken(args): Promise<Object>

Retrieve a JWT that can be used to retrieve or convert TMR access using sealdSDK.retrieveEncryptionSessionByTmr() and sealdSDK.convertTmrAccess().

The returned token is the JWT that can be used for TMR access. The returned authenticatedSessionId is a SSKS session that is authenticated, and can be used in subsequent call without providing a challenge.

Parameters

args

args.authFactor: TmrAuthFactor

Authentication method of this user, to which SSKS has sent a challenge at the request of your app's server.

args.challenge?: string

Optional. The challenge sent by SSKS to the user's authentication method. It can be omitted if the session is already authenticated (using the authenticatedSessionId returned by a previous call)

args.sessionId: string

Session ID given by SSKS to your app's server.

Returns

Promise<Object>

authenticatedSessionId

authenticatedSessionId: string

token

token: string


retrieveIdentity()

retrieveIdentity(args): Promise<Object>

Retrieve the Seald account previously created with initiateIdentity.

If the identity has been stored without no challenge, the first time the identity is retrieved afterwards, the keys of the identity in question are automatically renewed and stored again onto SSKS. If the same identity is also stored elsewhere (for example with @seald-io/sdk-plugin-ssks-password), you will have to save it again.

It is recommended not to retrieve the same identity with ssks2MR.retrieveIdentity on multiple devices at the same time, at the same exact instant, for example during automated tests. Please wait until one of the devices has finished retrieving the identity before starting the retrieval on another device.

The returned accountInfo contains information about the retrieved identity. The returned authenticatedSessionId is a SSKS session that is authenticated, and can be use in subsequent call without providing a challenge.

Parameters

args

args.authFactor?: TmrAuthFactor

Authentication method of this user, to which SSKS has sent a challenge at the request of your app's server.

args.challenge?: string

Optional. The challenge sent by SSKS to the user's authentication method. It can be omitted if the session is already authenticated (using the authenticatedSessionId returned by a previous call)

args.email?: string

Deprecated: Email of this user, to which SSKS has sent a challenge email at the request of your app's server.

args.rawTwoManRuleKey?: string

The raw encryption key used to encrypt / decrypt the stored identity keys. This MUST be the Base64 string encoding of a cryptographically random buffer of 64 bytes. You must set either the twoManRuleKey argument, or rawTwoManRuleKey.

args.sessionId: string

Session ID given by SSKS to your app's server.

args.twoManRuleKey?: string

Secret stored by your app's server for securing this user's identity. You must set either the twoManRuleKey argument, or rawTwoManRuleKey.

args.userId: string

The unique ID of the current user inside your app. It will be used to identify this user.

Returns

Promise<Object>

accountInfo

accountInfo: AccountInfo

authenticatedSessionId

authenticatedSessionId: string


saveIdentity()

saveIdentity(args): Promise<Object>

Save the Seald account to SSKS.

The returned id is the SSKS ID of the stored identity, which can be used by your backend to manage it. The returned authenticatedSessionId is a SSKS session that is authenticated, and can be use in subsequent call without providing a challenge.

Parameters

args

args.authFactor?: TmrAuthFactor

Authentication method of this user, to which SSKS has sent a challenge at the request of your app's server.

args.challenge?: string

Optional. If the server responded with must_authenticate to true, this is the challenge sent by SSKS to the user's authentication method.

args.email?: string

Deprecated: Email of this user, to which SSKS has sent a challenge email at the request of your app's server.

args.identity?: ArrayBuffer | Uint8Array | Buffer

Optional, the identity to save. If no identity is given, current one is saved.

args.rawTwoManRuleKey?: string

The raw encryption key used to encrypt / decrypt the stored identity keys. This MUST be the Base64 string encoding of a cryptographically random buffer of 64 bytes. You must set either the twoManRuleKey argument, or rawTwoManRuleKey.

args.sessionId: string

Session ID given by SSKS to your app's server.

args.twoManRuleKey?: string

Secret stored by your app's server for securing this user's identity. You must set either the twoManRuleKey argument, or rawTwoManRuleKey.

args.userId: string

The unique ID of the current user inside your app. It will be used to identify this user.

Returns

Promise<Object>

authenticatedSessionId

authenticatedSessionId: string

id

id: string