
Examples of NuID's zero knowledge authentication and key management facilities in various languages and frameworks. Open an Issue or PR if you'd like to see your favorite tool here.

NuID :: Examples

This repository contains examples of interacting with various NuID libraries, packages, and APIs across various languages, libraries, and frameworks. The examples provided here are meant to supplement the official documentation found at NuID's Developer Portal.

Prerequisites

If you want to run some of these examples, you'll generally need the following:

Usage

# Fetch the code
$ git clone https://github.com/NuID/examples.git
$ cd examples

# All servers will need an API Key to talk to the API
$ export NUID_API_KEY="<your api key>"

# the start target will fetch all necessary dependencies
# use client=js-react and server=js-node defaults
$ make start

# optionally set the client or server examples to use
# see below for supported clients and servers
$ make start server=go

As we add new examples for other languages you'll be able to change server=<folder> or client=<folder> to whichever example you wish to run.

Supported examples

client=<lang>

  • js-react (default) - make start or make start client=js-react
  • js-react-native - make start client=js-react-native

server=<lang>

  • js-node (default) - make start or make start server=js-node
  • clojure-ring - make start server=clojure-ring
  • go - make start server=go
  • ruby-rails - make start server=ruby-rails

Documentation

Lots of the code in each example has been commented, but more documentation can be found on the portal. We're constantly updating the docs with guides, videos, and language reference.

Contact

Get in touch with any questions or feedback at [email protected]. We'd love to hear from you.


js-react + js-node example

Provided here is an example of a Node.js+React application that initially uses password hashing for authentication. Over the course of four tagged commits we'll show how to convert from password hashing to using NuID for credential management, all without changing your login+registration UX.

Note: This repo's directory structure has changed since the tagged commits linked below. Just be aware that you'll only see a client and server directory instead of js-react and js-node respectively (along with any other language examples that will be added later). Checking out the main branch at any time will get you back to the most recent examples available.

Overview of NuID

  • Trustless authentication using Zero-Knowledge proofs.
  • Slots seamlessly into existing password-based flows.
  • Eliminates password breach risks. Passwords don't leave your client devices and aren't stored on your server.
  • NuID Auth API provides ZK credential creation and retrieval.

Demo: Initial app uses hashed password authentication

  • Two core flows in authentication: registration and login.
  • Email+Password used for registering and authenticating users.
  • Email is the unique key for the user account.
  • Password is always sent to backend, hashed, and stored.
  • Browse Code

Demo: Integrate with NuID Auth API

  • Add @nuid/zk npm package to both client and server applications.
  • Get an API Key from the NuID Developer Portal.
  • Add API Key and URL to server process environment.
  • Create API Post and Get functions to talk to NuID Auth API.
  • Browse Code
  • See Diff

Demo: Convert registration to use NuID

  • Add nuid field to user table.
  • Client creates a verified credential with the password during registration.
  • Client submits to /register with the email and a verified credential.
  • The password is not sent to the server.
  • Server receives verified credential and registers for a new NuID.
  • Server stores the NuID along with the other user parameters.
  • Browse Code
  • See Diff

Demo: Convert login to use NuID

  • Add server endpoint /challenge to get a challenge for the authenticating user from NuID.
  • Client login process asks for a /challenge for the user with the given email.
  • Challenge JWT claims are decoded client-side and used to generate a ZK Proof with the password.
  • Client login submits to /login with the email, challenge JWT, and proof.
  • The password is not sent to the server.
  • Server /login verifies the challenge JWT and proof with NuID.
  • User is now authenticated.
  • Browse Code
  • See Diff
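
The registration and login steps above, sketched as an added example that is not code from this repository and does not use the @nuid/zk API: a Schnorr-style proof over a Diffie-Hellman group stands in for NuID's credential and proof formats, which this page does not specify. The function names (register, issueChallenge, prove, verify) and the plain nonce standing in for the challenge JWT are assumptions.

```javascript
// Added illustration: Schnorr-style proof of knowledge, NOT NuID's protocol or API.
const crypto = require('node:crypto');

// Group: RFC 3526 2048-bit safe prime p = 2q + 1; g = 4 lies in the order-q subgroup.
const p = BigInt('0x' + crypto.getDiffieHellman('modp14').getPrime('hex'));
const q = (p - 1n) / 2n;
const g = 4n;

const modPow = (base, exp, mod) => {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod)
    if (exp & 1n) result = (result * base) % mod;
  return result;
};
const toInt = (buf) => BigInt('0x' + buf.toString('hex'));
// Fiat-Shamir challenge: binds the proof to the public value and the server's nonce.
const hashToInt = (...parts) =>
  toInt(crypto.createHash('sha256').update(parts.join('|')).digest()) % q;
// The secret exponent is stretched from the password and exists only on the client.
const secretFrom = (password, salt) => toInt(crypto.scryptSync(password, salt, 32)) % q;

// Registration (client): the server receives only { salt, y }, never the password.
function register(password) {
  const salt = crypto.randomBytes(16).toString('hex');
  return { salt, y: modPow(g, secretFrom(password, salt), p) };
}

// Login step 1 (server): fresh single-use nonce, standing in for the challenge JWT.
const issueChallenge = () => crypto.randomBytes(16).toString('hex');

// Login step 2 (client): prove knowledge of the secret behind y for this nonce.
function prove(password, { salt, y }, nonce) {
  const x = secretFrom(password, salt);
  const k = toInt(crypto.randomBytes(320)) % q; // one-time blinding value
  const t = modPow(g, k, p);
  const c = hashToInt(y, t, nonce);
  return { t, s: (k + c * x) % q };
}

// Login step 3 (server): check g^s == t * y^c using only the stored public data.
function verify({ y }, nonce, { t, s }) {
  const c = hashToInt(y, t, nonce);
  return modPow(g, s, p) === (t * modPow(y, c, p)) % p;
}
```

Because the nonce is hashed into the challenge, a proof captured for one login attempt fails verification against any other nonce, which is why the server must issue a fresh challenge per attempt and accept it only once.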