To authenticate to a backend service with an LTO account, you can sign the HTTP request using the HTTP Message Signatures draft standard.
npm install @ltonetwork/http-message-signatures --save
The sign()
method accepts an LTO account as the signer
. The keyid
will be the public key of the account.
import LTO from '@ltonetwork/lto';
import { sign } from '@ltonetwork/http-message-signatures';
const lto = new LTO();
const account = lto.account();
const request = {
method: 'GET',
url: 'https://example.com/api/data',
};
const signedRequest = await sign(request, { signer: account });
// ... Send the signed request to the server
You can sign a Fetch API Request object or a plain object.
The verify()
method accepts an LTO client as verifier. The key type is determined based on the algorithm specified in the Signature
. The keyid is used as the public key. The verify()
method uses the LTO Client to create an account from the public key and verify the signature.
import LTO from '@ltonetwork/lto';
import { sign } from '@ltonetwork/http-message-signatures';
const lto = new LTO();
const request = {
method: 'GET',
url: 'https://example.com/api/data',
headers: {
'Signature-Input': 'sig1=("@method" "@path" "@authority");created=1618884475;keyid="2KduZAmAKuXEL463udjCQkVfwJkBQhpciUC4gNiayjSJ";alg=ed25519',
'Signature': 'sig1=:base64signature:'
}
};
(async () => {
try {
const account = await verify(request, lto);
console.log('Verification succeeded');
} catch (err) {
console.error('Verification failed:', err.message);
}
})();