Request login
Challenge-response authentication via Trezor. To protect against replay attacks, you should use a server-side generated and randomized challengeHidden for every attempt. You can also provide a visual challenge that will be shown on the device.
The service backend needs to check whether the signature matches the generated challengeHidden, provided challengeVisual and stored publicKey fields.
If that is the case, the backend either creates an account (if the publicKey
identity is seen for the first time) or signs in the user (if the publicKey
identity is already a known user).
To understand the full mechanics, please consult the Challenge-Response chapter of SLIP-0013: Authentication using deterministic hierarchy.
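The backend flow described above, as an added example that is not code from Trezor or from this page: a single-use challengeHidden per attempt, then account creation or sign-in keyed on publicKey. The names issueChallenge and handleLogin, the in-memory maps, the two-minute lifetime, the constructed challengeVisual text and the injected verifySignature hook (standing in for a SLIP-0013 signature verifier) are all assumptions.

```javascript
const crypto = require('crypto');

const CHALLENGE_TTL_MS = 2 * 60 * 1000; // assumed lifetime of one login attempt
const pending = new Map(); // challengeHidden -> { challengeVisual, expires }
const users = new Map(); // publicKey -> account record

// Called by the endpoint that the requestLogin callback fetches from.
function issueChallenge(now = Date.now()) {
    const challengeHidden = crypto.randomBytes(32).toString('hex'); // fresh per attempt
    const challengeVisual = 'Login ' + new Date(now).toISOString(); // constructed text
    pending.set(challengeHidden, { challengeVisual, expires: now + CHALLENGE_TTL_MS });
    return { challengeHidden, challengeVisual };
}

// verifySignature(challengeHidden, challengeVisual, publicKey, signature) -> boolean
// is a hypothetical hook for a SLIP-0013 verifier; it is not implemented here.
function handleLogin(body, verifySignature, now = Date.now()) {
    const { challengeHidden, publicKey, signature } = body;
    const entry = pending.get(challengeHidden);
    pending.delete(challengeHidden); // single use, even when verification fails
    if (!entry || entry.expires < now) {
        return { ok: false, reason: 'unknown-or-expired-challenge' };
    }
    // challengeVisual comes from the server's record, never from the client.
    if (!verifySignature(challengeHidden, entry.challengeVisual, publicKey, signature)) {
        return { ok: false, reason: 'bad-signature' };
    }
    const created = !users.has(publicKey); // first sighting creates the account
    if (created) users.set(publicKey, { publicKey, createdAt: now });
    return { ok: true, created };
}
```

Because the challenge is deleted before the signature is checked, a captured response cannot be submitted a second time, and a failed attempt cannot be retried against the same challengeHidden.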
const result = await TrezorConnect.requestLogin(params);
Params
Optional common params
Common parameter useEmptyPassphrase is always set to true and it will be ignored by this method
Login using server-side async challenge
callback - required function which will be called from API to fetch challengeHidden and challengeVisual from server
Login without async challenge
challengeHidden - required string, hexadecimal value
challengeVisual - required string, text displayed on Trezor
Example
Login using server-side async challenge
TrezorConnect.requestLogin({
    callback: function () {
        // here should be a request to server to fetch "challengeHidden" and "challengeVisual"
        return {
            challengeHidden: '0123456789abcdef',
            challengeVisual: 'Login to',
        };
    },
});
Login without async challenge
TrezorConnect.requestLogin({
    challengeHidden: '0123456789abcdef',
    challengeVisual: 'Login to',
});
Result
{
    success: true,
    payload: {
        address: string,
        publicKey: string,
        signature: string,
    }
}
Error
{
    success: false,
    payload: {
        error: string // error message
    }
}
Server side examples
Here is the reference implementation of the server-side signature verification written in various languages: