omniauth-trezorconnect provides an OmniAuth strategy for Trezor Connect Version 9.
With this strategy your users can use popular Trezor Wallet to login to your website.
Add this line to your application's Gemfile:
gem 'omniauth-trezorconnect'And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-trezorconnect
In Rails app, add config/initializers/omniauth.rb: Trezor requires requires that you, as a Trezor Connect integrator, share your e-mail and application url with us. This provides with the ability to reach you in case of any required maintenance. This subscription is mandatory.
Rails.application.config.middleware.use OmniAuth::Builder do
provider :trezor, client_options: {
trezor_site: "https://examplesite.com",
trezor_email: "email@example.com"
}
endThese are the options you can specify that are relevant to Omniauth Trezor:
Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.
:visual_challenge- Text that will be shown on the device (defaults toTime.now.strftime("%Y-%m-%d %H:%M:%S")):hidden_challenge- Hidden randomized hex string used to protect agains replay attacks (defaults toSecureRandom.hex(32))
After successful authentication request.env['omniauth.auth'].extra contains all data that was used to verify the signature: visual_challenge, hidden_challenge, signature and public_key for your additional needs (ie. audit log).
Bug reports and pull requests are welcome on GitHub at https://github.com/karim-semmoud/omniauth-trezorconnect.
The gem is available as open source under the terms of the MIT License.
This gem is based on the gem omniauth-trezor. A special thanks goes to Kraxnet for his amazing contribution
-
Updgrade Trezor Connect from version 8 to version 9
-
Upgrade Omniauth gem from version 1 to version 2
-
Add mandatory App URL and Email to be shared with Trezor