When is authentication required?
Your app and its users must authenticate to protect data or access protected data.
These auth schemes are suitable for interactive platforms such as web browsers and mobile apps.
Client-side authentication is performed using identity federation or an email code loop. Typically this is included via an authentication widget in your website or app, but the SDK also exposes the underlying methods if you'd prefer to roll your own.
These options are mutually exclusive with server-side Node.js Authentication.
Virtru provides a prepackaged auth widget which subsumes the other browser auth schemes (federated identity and email code). Once included with the SDK, this widget walks the user through authenticating via one of the supported methods and fires off a callback when authentication has been completed successfully.
For developers getting started with the Virtru SDK, we strongly recommend starting with the widget to get up and running faster with authentication.
Email Code Loop authenticates your end users by sending a temporary alphanumeric code to their email address, then asking them to validate it. When the end user authenticates using this strategy, they will be marked as "owners" of the key and policy on any objects they encrypt. To implement Email Code Loop Auth, use the following code:
Email Code Loop Step 1: First ask the end user to enter their email address via a UI control. Let's say they entered [email protected]. Now, you can have Virtru send a code to their email address like this:
Email Code Loop Step 2: Now ask the end user to enter the code they received into a text box. Let's say the code they entered from their email is V-12345678. Now execute this:
This validates the user-entered code against Virtru's authentication services. If the entered code was correct, the end user is authenticated with Virtru and a valid AppId token is sent to the browser. This AppId token will be used by Virtru JS SDK for subsequent encryption or decryption operations.
How do I check if a user is authenticated?
Call Virtru.Auth.isLoggedIn() after these steps to verify that the login was successful.
Federation flow with Virtru
Step 1: End user initiates OAuth authentication (see code below) with Virtru's Federated Identity Service.
Step 2: Virtru's Federated Identity Service receives the authentication request and redirects the end user to authenticate to one of the popular OAuth providers.
Step 3: End user successfully authenticates with OAuth provider of choice and authorizes Virtru to use this identity.
Step 4: OAuth provider redirects the end user back to Virtru's Federated Identity Service. Virtru's Federated Identity Service activates the token that's returned back to end user's browser for subsequent requests to Virtru's Key Management Service. Virtru's Federated Identity Service returns the user to the customer's site, provided the site is whitelisted.
To use these OAuth-based authentication methods, you must be running on a domain whitelisted by Virtru. By default, https://local.virtru.com is whitelisted for development purposes; see here for a detailed walkthrough of setting up your development environment for federated auth.
Whitelist Your Domain to Enable Federation
Using this scheme requires that you whitelist your domain with Virtru.
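The federation flow returns the user to the customer's site only when that site is whitelisted. The block below is an added example, not Virtru's code and not a description of how Virtru matches domains: it shows an exact-origin allowlist check for a post-login return URL. ALLOWED_ORIGINS, isAllowedReturnUrl, checkSamples and https://app.example.com are hypothetical names and values.

```javascript
// Added example: exact-origin allowlist check for a post-login return URL.
// Hypothetical names; the allowlist entries below are constructed, apart
// from the development origin that this page names.
const ALLOWED_ORIGINS = new Set([
  'https://local.virtru.com', // development origin named on this page
  'https://app.example.com',  // constructed customer origin
]);

function isAllowedReturnUrl(raw, allowed = ALLOWED_ORIGINS) {
  if (typeof raw !== 'string') return false;
  // URL parsers silently normalize control characters and backslashes, so
  // the value that was checked could differ from the value used. Reject them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return false;
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative input throws
  } catch {
    return false;
  }
  if (url.protocol !== 'https:') return false;
  // Credentials in the authority can hide the real host from a human reader.
  if (url.username !== '' || url.password !== '') return false;
  // url.origin is scheme + host + port after normalization (lowercased
  // host, default port dropped). Compare it whole; never prefix- or
  // suffix-match the host string.
  return allowed.has(url.origin);
}

// Constructed sample inputs, evaluated against the allowlist above.
function checkSamples() {
  const samples = [
    'https://local.virtru.com/callback?state=abc', // allowed
    'https://LOCAL.VIRTRU.COM:443/callback',       // allowed after normalization
    'https://local.virtru.com.other.example/',     // different host
    'https://local.virtru.com@other.example/',     // userinfo, different host
    'http://local.virtru.com/callback',            // not https
    'https://local.virtru.com:8443/callback',      // different port, so different origin
    '/callback',                                   // relative, no origin to check
  ];
  return samples.map((s) => [s, isAllowedReturnUrl(s)]);
}

for (const [url, ok] of checkSamples()) {
  console.log(ok ? 'ALLOW' : 'DENY ', url);
}
```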
Once running on a suitable domain, you can use the Virtru.Auth.login* methods to authenticate from various identity providers. For instance, the following line will attempt to authenticate a user with their Google account.