Home

Awesome

Algorand Authentication Service

Overview

This project holds the standard FIDO2 api endpoints and the Proof of Knowledge for Algorand specific private keys. The api is a stateful session-based architecture with endpoint guards. A user must prove ownership of a private key to associate PublicKeyCredentials

Getting started

Prerequisites

Clone the project

git clone git@github.com:algorandfoundation/liquid-auth.git && cd liquid-auth

NGROK

note on VPNs: Ngrok will not work with VPNs, so to run locally the project, disable it or configure your VPN's split tunneling to allow ngrok traffic.

Sign up for a free account at ngrok and follow the instructions to get your <NGROK_AUTH_TOKEN> and <NGROK_STATIC_DOMAIN>.

With Docker

Don't run the ngrok commands directly as expressed in the ngrok guide as it will create run-time port conflicts.

Without Docker

ngrok will ask you to add your auth token to your configuration file.

ngrok config add-authtoken <NGROK_AUTH_TOKEN>

Will then ask you to deploy your static domain, make sure to change the port to 5173 like this:

ngrok http --domain=<NGROK_STATIC_DOMAIN> 5173

Configure NGROK

Add a ngrok.yml configuration to the root directory.

Example Configuration
version: 2
authtoken: <NGROK_AUTH_TOKEN>
tunnels:
  website:
    addr: liquid-auth:5173
    proto: http
    domain: <NGROK_STATIC_DOMAIN>

Make sure to update the authtoken and domain in the ngrok.yml file with your ngrok details.

Update the Service's .env.docker file

Update the .env.docker file with the following keys with the values from ngrok:

HOSTNAME=<NGROK_STATIC_DOMAIN>
ORIGIN=https://<NGROK_STATIC_DOMAIN>

Start services

Run the following command to start the backend:

docker-compose up -d

Navigate to the ngrok URL in your browser to test the FIDO2 feature.

Using the app

Install the Android client to your device.

Step-1.png

QR Connect

Open the Connect Modal on the website and scan the QR code using the "Connect" button on the Android device. Follow the instructions on the Android device to register a credential.

Step-1-QRCode.png

Peer to Peer

Once the credential is registered, you can send messages over the peer connection.

Step-2.png