The pairing flow proceeds as follows:
- The member (inviter) creates an invitation (a new signing keypair) and shares
{ discoveryKey, seed }
with a candidate (invitee).publicKey
is set aside for later use. - The candidate produces a request with arbitrary
userData
signed by the invitation keyPair, this is encrypted to a key derived from the invitepublicKey
. - Upon receiving the request, the member decrypts the payload and verifies the signature against the invitation
publicKey
, proving that the invitee hassecretKey
. - The member can evaluate
userData
and either confirm or deny the request. A response is returned to the candidate which may contain the{ key, encryptionKey }
needed to join the room. - The candidate verifies that
key
corresponds todiscoveryKey
, confirming that the remote peer has read-access tokey
(is a valid member).
import { CandidateRequest, MemberRequest, createInvite } from 'blind-pairing-core'
const { invite, publicKey } = createInvite(key) // key is a Hypercore or Autobase key
// candidate
const candidate = new CandidateRequest(invite, { userData: 'hello world' })
candidate.on('accepted', () => console.log('accepted!'))
const transport = candidate.encode()
// member
const request = MemberRequest.from(transport)
const userData = request.open(publicKey)
console.log(userData) // hello world
request.confirm({ key })
// candidate
candidate.handleResponse(request.response)
// candidate accepted event will fire
console.log(candidate.auth) // { key }
exports:
{
CandidateRequest,
MemberRequest,
createInvite,
decodeInvite,
verifyReceipt
}
Instanstiate a new candidate request from a given invite.
Handle the response received from the peer.
Destroy the request.
Encode the request to be sent to the peer.
Unique id for this request.
Invite id corresponding to this request.
Discovery key corresponding to this request.
An event that fires when an invite is accepted.
An event that fires when an invite is rejected.
Returns a buffer that can be used to restore the request at a later point.
Restore a persisted request.
Instantiate a new member request using the request id and the request data
Open the request using the corresponding invitation public key.
Confirm the request with the requested auth data.
Deny the request.
Static method to create a member request directly from a received request.
The invite id corresponding to the request, this can be used to find the invitation public key.
The unique id corresponding to the request.
The response that should be sent back to the candidate. Only populated after the request is either confirmed or denied.
A stand alone receipt of this request that can be verified against the public key.
Discovery key corresponding to this request.
Create invites for a given key.
Decode an invite
object.
Verify a previously opened request. Returns userData
if receipt is valid and null
otherwise.
Apache-2.0