When I decided to integrate [Steem Keychain](https://github.com/MattyIce/steem-keychain) with @steeveapp, it was not clear to me how to establish a user session with the server, how to log the user in. I spent some time researching and thinking, so I decided to write down how I did it in the end and share it with others. # Being a Detective At the beginning, when I was implementing authentication with SteemConnect, the situation was pretty clear. You ask SteemConnect and you get a token that you can use to verify user's Steem identity. But there was nothing like that with Steem Keychain, no tokens, not to mention just a few exported methods existing at the time I started checking the extension. Anyway, when skimming through the README on GitHub, I stumbled over the section called [Decode Memo / Verify Key](https://github.com/MattyIce/steem-keychain#decode-memo--verify-key), which says that `requestVerifyKey` can be used to log the user in. No other details there, so although I knew what I was supposed to use, I didn't know what to do exactly. How to verify user's identity on the server? # The Authentication Flow The flow I came up with turned out to be somehow funny to me because it incorporates exchanging encrypted memos between the server and the web application as if they were having an encrypted Steem conversation with each other. So, here is what I came up with, step by step: 1. [APP] Ask the user to insert their Steem username. 2. [APP] Post `username` to `/login/steem_keychain`. 3. [SERVER] Encrypt `username` with a symetric-key algorithm (like AES) to get `encrypted_username`. This requires a secret to be prepared in advance and stored on the server, which is not related to signing JWT tokens or the blockchain. 4. [SERVER] Fetch the given user's public memo key from the blockchain. 5. [SERVER] Encrypt `encrypted_username` using the public memo key to get `encrypted_memo` and return it in the response. 6. [APP] Ask Steem Keychain to decrypt `encrypted_memo` received using the stored private memo key. 7. [APP] Post the decrypted memo (`encrypted_username`) to `/login/steem_keychain/callback`. 8. [SERVER] Decrypt `encrypted_username` using the stored private secret (AES) to get `username`. 9. [SERVER] Generate a JWT token for the given username. Return it in the response. 10. [APP] Store the returned JWT token. The session is established. As apparent, the whole flow works iff the user manages to decrypt the message using their private memo key, which is the step verifying Steem identify. The web application cannot mess up with what is received from the server since it is encrypted and the secret is kept on the server only. The reason why it is not the JWT token itself returned as `encrypted_memo` is that we need the web application to ping the server back, letting it know that the session is established in case there is any necessary logic to be executed. So, what do you think? Can it be done in a different or simpler way? EDIT: There is a simpler way when using `requestSignBuffer`, which is an API call that was not available when I was implementing this for Steeve. # Steem Keychain for Angular When implementing this for @steeveapp, I decided to turn my efforts into a public Angular module that anybody can use to get up and running with Steem Keychain quickly. All hail [ngx-steem-keychain](https://github.com/steeveproject/ngx-steem-keychain). I am posting updates regularly using Utopian: * [Version 1.0](https://www.steeve.app/@steeveapp/ngx-steem-keychain-angular-interface-to-steem-keychain-released) * [Version 1.1](https://www.steeve.app/@steeveapp/ngx-steem-keychain-1-1-buffer-signing-and-broadcast-available) --- <center>View this post on [Steeve](https://www.steeve.app/@void/tutorial-logging-into-a-web-application-with-steem-keychain)</center>
| author | void |
|---|---|
| permlink | tutorial-logging-into-a-web-application-with-steem-keychain |
| category | steem |
| json_metadata | {"tags":["steem","keychain","steeve","technology","tutorial"],"links":["https://github.com/MattyIce/steem-keychain","https://github.com/MattyIce/steem-keychain#decode-memo--verify-key","https://github.com/steeveproject/ngx-steem-keychain","https://www.steeve.app/@steeveapp/ngx-steem-keychain-angular-interface-to-steem-keychain-released","https://www.steeve.app/@steeveapp/ngx-steem-keychain-1-1-buffer-signing-and-broadcast-available","https://www.steeve.app/@void/tutorial-logging-into-a-web-application-with-steem-keychain"],"format":"markdown","app":"steeve/0.1"} |
| created | 2018-11-21 20:58:33 |
| last_update | 2018-11-21 21:21:06 |
| depth | 0 |
| children | 2 |
| last_payout | 2018-11-28 20:58:33 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 2.133 HBD |
| curator_payout_value | 0.625 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 3,838 |
| author_reputation | 32,603,999,249,802 |
| root_title | "Tutorial: Logging into a Web Application with Steem Keychain" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 75,695,579 |
| net_rshares | 4,594,532,052,351 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| team | 0 | 84,599,514,177 | 10% | ||
| morning | 0 | 736,083,233,580 | 100% | ||
| minismallholding | 0 | 6,197,861,353 | 25% | ||
| rizkirz | 0 | 247,307,715 | 50% | ||
| yabapmatt | 0 | 3,642,263,462,152 | 100% | ||
| husnulkhatimah | 0 | 158,796,910 | 100% | ||
| muhammadrizki96 | 0 | 4,363,869,742 | 100% | ||
| ykdesign | 0 | 2,499,842,285 | 25% | ||
| intansuryani | 0 | 204,990,307 | 100% | ||
| zahratulmulia | 0 | 246,776,577 | 50% | ||
| sanyjaya | 0 | 378,134,400 | 100% | ||
| albipratama | 0 | 248,671,406 | 50% | ||
| bringolo | 0 | 35,116,438,278 | 99.71% | ||
| kulin12 | 0 | 235,092,100 | 50% | ||
| rikaz87 | 0 | 0 | 100% | ||
| andestra | 0 | 6,985,894,854 | 100% | ||
| muhammadmd | 0 | 186,526,087 | 50% | ||
| myusuf01 | 0 | 225,753,007 | 50% | ||
| rismawar | 0 | 177,276,541 | 50% | ||
| arsyilasani | 0 | 252,354,050 | 50% | ||
| lisnizar | 0 | 245,598,376 | 50% | ||
| intansafrina | 0 | 183,746,118 | 50% | ||
| zulkiflidesta | 0 | 529,014,222 | 100% | ||
| alex20050503 | 0 | 495,576,992 | 100% | ||
| alina34 | 0 | 495,341,498 | 100% | ||
| dimka10 | 0 | 495,611,463 | 100% | ||
| borndead04 | 0 | 497,557,337 | 100% | ||
| davidisaevv | 0 | 496,228,066 | 100% | ||
| borndead03 | 0 | 495,455,302 | 100% | ||
| selakov.vadim | 0 | 495,574,377 | 100% | ||
| borndead02 | 0 | 495,986,288 | 100% | ||
| artemnezlobin | 0 | 495,375,213 | 100% | ||
| missnadeen | 0 | 494,765,999 | 100% | ||
| manyellee | 0 | 494,859,598 | 100% | ||
| dima.nurgaliev | 0 | 494,469,244 | 100% | ||
| hackettm21 | 0 | 495,542,071 | 100% | ||
| radomim | 0 | 494,031,233 | 100% | ||
| ziapase | 0 | 3,100,834,033 | 100% | ||
| garikpetrosyan | 0 | 495,422,893 | 100% | ||
| neanv | 0 | 493,855,997 | 100% | ||
| shtotomoda | 0 | 494,949,349 | 100% | ||
| robsimsh | 0 | 494,713,960 | 100% | ||
| rommist79 | 0 | 494,587,004 | 100% | ||
| miki21657 | 0 | 494,151,797 | 100% | ||
| marunkas20 | 0 | 494,876,746 | 100% | ||
| wallskirk | 0 | 494,931,719 | 100% | ||
| assaulenko | 0 | 494,793,605 | 100% | ||
| pignutcraft | 0 | 495,205,352 | 100% | ||
| bentwag | 0 | 494,581,115 | 100% | ||
| kendip | 0 | 495,094,576 | 100% | ||
| fedykosoy00 | 0 | 493,872,504 | 100% | ||
| dmitriynemov | 0 | 495,179,106 | 100% | ||
| daileyfre | 0 | 494,515,390 | 100% | ||
| miljared | 0 | 494,224,740 | 100% | ||
| hipolitc | 0 | 494,680,734 | 100% | ||
| intrusionpunish | 0 | 494,406,071 | 100% | ||
| chewycareless | 0 | 495,070,260 | 100% | ||
| linashevchyk | 0 | 494,865,202 | 100% | ||
| djane860 | 0 | 494,401,249 | 100% | ||
| semenova32 | 0 | 494,250,593 | 100% | ||
| elenatagaeva | 0 | 495,574,816 | 100% | ||
| vermilionlost | 0 | 495,941,117 | 100% | ||
| olgafalatova | 0 | 494,856,837 | 100% | ||
| responseyears | 0 | 495,108,752 | 100% | ||
| joinneutron | 0 | 495,926,887 | 100% | ||
| crispysuperb | 0 | 496,292,893 | 100% | ||
| bibslivered | 0 | 494,993,571 | 100% | ||
| enlargedremove | 0 | 495,119,731 | 100% | ||
| indigooccupy | 0 | 495,427,196 | 100% | ||
| creamssugar | 0 | 495,366,204 | 100% | ||
| woodenwhine | 0 | 495,631,141 | 100% | ||
| hamacrylic | 0 | 495,021,157 | 100% | ||
| barcodemail | 0 | 496,167,395 | 100% | ||
| waveoutsiders | 0 | 495,405,974 | 100% | ||
| goringdriver | 0 | 494,855,807 | 100% | ||
| busroasted | 0 | 495,216,958 | 100% | ||
| wordsconic | 0 | 495,521,291 | 100% | ||
| breadsplonk | 0 | 495,063,724 | 100% | ||
| userglorious | 0 | 496,274,352 | 100% | ||
| coinsicy | 0 | 496,058,180 | 100% | ||
| googoltailored | 0 | 495,875,847 | 100% | ||
| couldpinkie | 0 | 495,453,499 | 100% | ||
| grouseunhelpful | 0 | 496,130,850 | 100% | ||
| regretfulwooden | 0 | 496,681,460 | 100% | ||
| blueberryeither | 0 | 495,184,928 | 100% | ||
| maillithium | 0 | 495,522,808 | 100% | ||
| marcatounique | 0 | 496,314,958 | 100% | ||
| yolofussy | 0 | 495,999,658 | 100% | ||
| ybazhenov | 0 | 495,584,299 | 100% | ||
| asamarin88 | 0 | 495,485,572 | 100% | ||
| nseregin8 | 0 | 495,288,014 | 100% | ||
| stewekroli | 0 | 495,234,627 | 100% | ||
| fimschell | 0 | 495,257,732 | 100% | ||
| asavin88 | 0 | 494,751,520 | 100% | ||
| synonymsdiapir | 0 | 496,210,771 | 100% | ||
| mockingexposure | 0 | 496,331,814 | 100% | ||
| icerinksweet | 0 | 495,876,159 | 100% | ||
| spicedwave | 0 | 507,342,930 | 100% | ||
| verygrin | 0 | 496,502,171 | 100% | ||
| maskoil | 0 | 496,365,361 | 100% | ||
| cratevisits | 0 | 496,060,413 | 100% | ||
| tillerthey | 0 | 496,885,612 | 100% | ||
| lidaricerink | 0 | 496,708,357 | 100% | ||
| trimminiature | 0 | 495,817,213 | 100% | ||
| pashafeloff | 0 | 497,179,460 | 100% | ||
| sashashelest | 0 | 497,606,775 | 100% | ||
| mkravchenko1989 | 0 | 497,903,998 | 100% | ||
| denielharvi | 0 | 497,764,802 | 100% | ||
| devidrays | 0 | 497,507,322 | 100% | ||
| semenovyx83 | 0 | 497,735,103 | 100% | ||
| ivan.dyuzhev | 0 | 497,895,175 | 100% | ||
| perlov11 | 0 | 497,217,772 | 100% | ||
| mladogin | 0 | 497,680,270 | 100% | ||
| postmax | 0 | 497,229,018 | 100% | ||
| devsup | 0 | 2,770,414,448 | 0.69% | ||
| comicalfowl | 0 | 497,590,026 | 100% | ||
| playdiseases | 0 | 497,850,338 | 100% | ||
| wrestlinglay | 0 | 497,632,008 | 100% | ||
| pakistaniride | 0 | 497,868,304 | 100% | ||
| stopthe | 0 | 497,636,773 | 100% | ||
| metricsstride | 0 | 497,847,337 | 100% | ||
| pseudosled | 0 | 497,734,713 | 100% | ||
| signaloutlook | 0 | 497,773,984 | 100% | ||
| turbulentsooty | 0 | 497,677,122 | 100% | ||
| geologistraft | 0 | 497,287,043 | 100% | ||
| limitstousled | 0 | 497,292,412 | 100% | ||
| northernsound | 0 | 497,719,136 | 100% | ||
| helpscode | 0 | 497,662,422 | 100% | ||
| ivan.rogach | 0 | 497,746,283 | 100% | ||
| oles9373 | 0 | 497,473,479 | 100% | ||
| soupstingy | 0 | 497,510,655 | 100% | ||
| pomarinerose | 0 | 497,885,241 | 100% | ||
| clailpickled | 0 | 497,948,097 | 100% | ||
| sutecheasles | 0 | 508,507,378 | 100% | ||
| caringirish | 0 | 497,092,192 | 100% | ||
| societiespaying | 0 | 497,301,595 | 100% | ||
| germharmony | 0 | 497,418,246 | 100% | ||
| droopydefinite | 0 | 497,788,101 | 100% | ||
| creamyslammed | 0 | 497,954,060 | 100% | ||
| lockoperand | 0 | 497,250,480 | 100% | ||
| allianzranked | 0 | 497,495,796 | 100% | ||
| belliedas | 0 | 497,756,183 | 100% | ||
| kingboundless | 0 | 508,564,135 | 100% | ||
| monescevian | 0 | 497,786,036 | 100% | ||
| reporterlupus | 0 | 497,228,574 | 100% | ||
| behaveskaters | 0 | 497,228,593 | 100% | ||
| deadeastern | 0 | 497,823,109 | 100% | ||
| paradigmstair | 0 | 497,436,437 | 100% | ||
| charbodge | 0 | 497,886,774 | 100% | ||
| drabitlamb | 0 | 497,673,954 | 100% | ||
| humeoutspoken | 0 | 497,128,996 | 100% | ||
| goatfermented | 0 | 497,666,996 | 100% | ||
| internetherpes | 0 | 497,225,220 | 100% | ||
| tusclelong | 0 | 497,866,663 | 100% | ||
| piesaves | 0 | 497,656,526 | 100% | ||
| glyderaubeaf | 0 | 497,318,325 | 100% | ||
| revelibuges | 0 | 497,736,375 | 100% | ||
| orilhurthaga | 0 | 497,427,336 | 100% | ||
| dyspcardrel | 0 | 497,228,111 | 100% | ||
| sayportlotepo | 0 | 497,653,175 | 100% |
Congratulations @void! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) : <table><tr><td>https://steemitimages.com/60x70/http://steemitboard.com/@void/votes.png?201812031607</td><td>You made more than 800 upvotes. Your next target is to reach 900 upvotes.</td></tr> </table> <sub>_[Click here to view your Board of Honor](https://steemitboard.com/@void)_</sub> <sub>_If you no longer want to receive notifications, reply to this comment with the word_ `STOP`</sub> **Do not miss the last post from @steemitboard:** <table><tr><td><a href="https://steemit.com/steemitboard/@steemitboard/5jrq2c-steemitboard-saint-nicholas-day"><img src="https://steemitimages.com/64x128/http://i.cubeupload.com/mGo2Zd.png"></a></td><td><a href="https://steemit.com/steemitboard/@steemitboard/5jrq2c-steemitboard-saint-nicholas-day">Saint Nicholas challenge for good boys and girls</a></td></tr></table> > Support [SteemitBoard's project](https://steemit.com/@steemitboard)! **[Vote for its witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1)** and **get one more award**!
| author | steemitboard |
|---|---|
| permlink | steemitboard-notify-void-20181203t191716000z |
| category | steem |
| json_metadata | {"image":["https://steemitboard.com/img/notify.png"]} |
| created | 2018-12-03 19:17:15 |
| last_update | 2018-12-03 19:17:15 |
| depth | 1 |
| children | 0 |
| last_payout | 2018-12-10 19:17:15 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 1,163 |
| author_reputation | 38,975,615,169,260 |
| root_title | "Tutorial: Logging into a Web Application with Steem Keychain" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 76,308,595 |
| net_rshares | 0 |
Congratulations @void! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) : <table><tr><td>https://steemitimages.com/60x70/http://steemitboard.com/@void/commented.png?201812051720</td><td>You got more than 400 replies. Your next target is to reach 500 replies.</td></tr> </table> <sub>_[Click here to view your Board of Honor](https://steemitboard.com/@void)_</sub> <sub>_If you no longer want to receive notifications, reply to this comment with the word_ `STOP`</sub> **Do not miss the last post from @steemitboard:** <table><tr><td><a href="https://steemit.com/steemitboard/@steemitboard/5jrq2c-steemitboard-saint-nicholas-day"><img src="https://steemitimages.com/64x128/http://i.cubeupload.com/mGo2Zd.png"></a></td><td><a href="https://steemit.com/steemitboard/@steemitboard/5jrq2c-steemitboard-saint-nicholas-day">Saint Nicholas challenge for good boys and girls</a></td></tr></table> > Support [SteemitBoard's project](https://steemit.com/@steemitboard)! **[Vote for its witness](https://v2.steemconnect.com/sign/account-witness-vote?witness=steemitboard&approve=1)** and **get one more award**!
| author | steemitboard |
|---|---|
| permlink | steemitboard-notify-void-20181205t180823000z |
| category | steem |
| json_metadata | {"image":["https://steemitboard.com/img/notify.png"]} |
| created | 2018-12-05 18:08:21 |
| last_update | 2018-12-05 18:08:21 |
| depth | 1 |
| children | 0 |
| last_payout | 2018-12-12 18:08:21 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 1,166 |
| author_reputation | 38,975,615,169,260 |
| root_title | "Tutorial: Logging into a Web Application with Steem Keychain" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 76,410,286 |
| net_rshares | 0 |
hiveblocks