Protect, Track & Control Data.
Anywhere. Anytime.

Get started in JavaScript, Node.js, Python, or C++.

Client-side JS Authentication

When is authentication required?

Your app and its users must authenticate to protect data or access protected data.

Client-side Auth Schemes

These auth schemes are suitable for interactive platforms such as web browsers and mobile apps.

  1. Auth Widget (recommended starting point)
  2. Email Code Loop
  3. Federation using Google and O365

Client-side authentication is performed using identity federation or an email code loop. Typically this is included via an authentication widget in your website or app, but the SDK also exposes the underlying methods if you'd prefer to roll your own.

These options are mutually exclusive from server-side Node.js Authentication.

1. Auth Widget

Virtru provides a prepackaged auth widget which subsumes the other browser auth schemes (federated identity and email code). Once included with the SDK, this widget walks the user through authenticating via one of the supported methods and fires off a callback when authentication has been completed successfully.

<!DOCTYPE html>
    <title>Virtru SDK for JavaScript - Sample Application</title>
    <!-- Include the widget and SDK with the following three lines. -->
    <link href="" rel="stylesheet"/>
    <script src=""></script>
    <script src=""></script>

  <div id="virtru-auth-widget-mount"></div>
  <script type="text/javascript">
    // Define the callback.
    async function afterAuth(email) {
      // Run all SDK code from here now that
      // the user is authenticated.
    // Set up the auth widget.
    Virtru.AuthWidget('virtru-auth-widget-mount', {afterAuth});

For developers getting started with the Virtru SDK, we strongly recommend starting with the widget to get up and running faster with authentication.

2. Email Code Loop

Email Code Loop authenticates your end users by sending a temporary alphanumeric code to their email address, then asking them to validate it. When the end user authenticates using this strategy, they will be marked as "owners" of the key, and policy on any objects they encrypt. To implement Email Code Loop Auth use the following code:

Email Code Loop Step 1: First ask the end user to enter their email address via a UI control. Let's say they entered [email protected]. Now, you can have Virtru send a code to their email address like this:

Virtru.Auth.sendCodeToEmail({ email: '[email protected]' })

Email Code Loop Step 2: Now ask the end user to enter the code they received into a text box. Let's say the code they entered from their email is V-12345678. Now execute this:

 Virtru.Auth.activateEmailCode({ email: '[email protected]', code: 'V-12345678' });

This validates the user-entered code against Virtru's authentication services. If the entered code was correct, the end user is authenticated with Virtru and a valid AppId token is sent to the browser. This AppId token will be used by Virtru JS SDK for subsequent encryption or decryption operations.

How do I check if a user is authenticated?

Call Virtru.Auth.isLoggedIn() after these steps to verify if a login was successful.

3. Federation Using Google, O365 and Outlook

Federation flow with Virtru

Federation flow with Virtru

Step 1: End user initiates OAuth authentication (see code below) with Virtru's Federated Identity Service.

Step 2: Virtru's Federated Identity Service receives the authentication request and redirects the end user to authenticate to one of the popular OAuth providers.

Step 3: End user successfully authenticates with OAuth provider of choice and authorizes Virtru to use this identity.

Step 4: OAuth provider redirects the end user back to Virtru's Federated Identity Service. Virtru's Federated Identity Service activates the token that's returned back to end user's browser for subsequent requests to Virtru's Key Management Service. Virtru's Federated Identity Service returns the user to the customer's site, provided the site is whitelisted.

In order to leverage this OAuth-based authentication methods, you must be running on a domain whitelisted by Virtru. By default is whitelisted for development purposes, see here for a detailed walkthrough of setting up your development environment for federated auth.

Whitelist Your Domain to Enable Federation

Using this scheme requires that you whitelist your domain with Virtru.

Once running on a suitable domain, you can use the Virtru.Auth.login* methods to authenticate from various identity providers. For instance, the following line will attempt to authenticate a user with their Google account.

Virtru.Auth.loginWithGoogle({email: '[email protected]'});

Updated 13 days ago

Client-side JS Authentication

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.