Skip to content

Latest commit

 

History

History

example

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.html
index.html
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
server.js
server.js
 
 
vite.config.js
vite.config.js
 
 

README.md

opaque-wasm example usage

This folder contains an example usage of the opaque-wasm library to implement a login (and register) form which uses the OPAQUE protocol.

pnpm i
pnpm run build
pnpm run start
# Go to http://localhost:1337 in your browser

The server and the client are extremely minimal and only implements the required bits for the register and login flow. A lot of things are out of scope for this example! Here's a non-exhaustive list of things you'll need to figure out by yourself:

  • OPAQUE's Application Considerations
  • Authentication cookies
  • Proper credentials identifier handling
  • Password policy validation
    • This step must be done client-side. It defeats the purpose of the protocol to expose the password to the server for validating a password policy.
    • There has been some publications about Zero Knowledge Password Policy Checks (ZKPPC), but none is in a usable state at this time. In the future, maybe!
  • Multi-factor authentication
  • Server scalability
  • Rate limiting
  • ...

The error handling and validation are also very minimal and are absolutely NOT sufficient for a real production app!

License

Contents of this folder are licensed under the 0BSD license, a public-domain equivalent license.