Build with the Virtru Developer Hub

It's Your Data. Protect It. Control It. Everywhere.

Try the Demo          Learn More     

Add Authentication

A Note on Authentication

This demo uses OAuth authentication flow using Google and O365. See other authentication options available.

Authentication into Virtru's Key Management Infrastructure is required prior to encrypting or decrypting content. In other words, Virtru needs to make sure a user is who they say they are. While many authentication options are available, in this sample we will describe authenticating to Virtru Key Management Infrastructure using Google/Office365 OAuth providers.

How the OAuth Works with Virtru SDK

Authentication is very simple and only requires that the end user already has an account with one of the popular email providers, such as Google or Office365. The diagram below highlights how the authentication process works for end users of your application that want to use the Virtru Developer Hub.

A high level authentication flow

A high level authentication flow

Step 1: End user initiates authentication (see code below) with Virtru's Federated Identity Service.

Step 2: Virtru's Federated Identity Service receives the authentication request and redirects the end user to authenticate to one of the popular OAuth providers.

Step 3: End user successfully authenticates with OAuth provider of choice and authorizes Virtru to use this identity.

Step 4: OAuth provider redirects the end user back to Virtru's Federated Identity Service. Virtru's Federated Identity Service activates the token that's returned back to end user's browser for subsequent requests to Virtru's Key Management Service.

Initiating the Authentication

Initiating the authentication request is simple using the TDF client libraries. After importing them, the initiation can be completed as follows.

// Use Google as the OAuth provider. Redirect the user to GSuite OAuth flow.
await Virtru.Client.loginUsingGoogle({'https://myredirect.mydomain.com', 'user@gmail.com'})

//Use Microsoft as the OAuth provider. Redirect the user to Outlook Web OAuth flow.
await Virtru.Client.loginUsingOutlook({'https://myredirect.mydomain.com', 'user@hotmail.com'})

//Use Microsoft as the OAuth provider. Redirect the user to O365 Web OAuth flow.
await Virtru.Client.loginUsingOffice365({'https://myredirect.mydomain.com',{email: 'myemail@mydomain.com'});


//** Use email authentication **
//Let Virtru send an 8-digit code to user@domain.com
await Virtru.Client.sendEmailContainingCode({ 'user@domain.com' });

//Call this after user enters the code recieved in her email. This authenticates the user to Virtru's Key Management Infrastructure. 
await Virtru.Client.activateEmailCode('12345678');

The above snippet uses the exposed global variable Virtru.Client to start authenticating.

loginUsingGoogle is all that is required in order to use Virtru's infrastructure to begin the authentication process with Google. You may also use Microsoft as the provider.

In addition, if neither of these providers is an option for you, it is possible to authenticate with Virtru by letting us send you an 8-digit code. This code must then be activated.

The Virtru Authorization Token

After authenticating, the SDK client will now have a valid Virtru-specific token. This token contains two pieces of information: the user's id, as well as an appId, which is used by Virtru to ensure requests are being made by authorized users.

The token format is thus:

Virtru [["bcc365c2-2290-48ab-9c14-c96018abd7cc","user@domain.com"]]

where the first string is the appId and the second is the user id.

This authentication token is used as an Authorization header when interacting with Virtru's Key Management Infrastructure.


What's Next

Encrypting Files

Add Authentication


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.