DEV Community: Pranav Shikarpur The latest articles on DEV Community by Pranav Shikarpur (@snpranav). https://dev.to/snpranav https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1133131%2Fc6f56862-094d-413f-a540-794dc04e0b35.jpg DEV Community: Pranav Shikarpur https://dev.to/snpranav en Add Audit Log Streaming to Auth0 authentication in < 2 mins Pranav Shikarpur Tue, 25 Jun 2024 01:00:54 +0000 https://dev.to/pangea/add-audit-log-streaming-to-auth0-authentication-in-2-mins-413 https://dev.to/pangea/add-audit-log-streaming-to-auth0-authentication-in-2-mins-413 <p>In a world where hackers are trying to brute force user accounts (<a href="https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/">23andMe breach 2023</a>), it is vital for developers to maintain a long-lasting and tamper-proof audit log of all authentication events to keep their apps secure.</p> <p>While many companies use Auth0 as an authentication provider, its log data retention periods ONLY range from 1-30 days depending on the <a href="https://auth0.com/docs/deploy-monitor/logs/log-data-retention">Auth0 subscription level</a>. Although this span may seem useful for application debugging, it’s not optimal for meeting compliance requirements due to such short retention periods.</p> <p>Thus, adding log streaming with Pangea allows you to keep your Auth0 authentication setup while using Pangea to retain logs for <strong>up to 10 years</strong>! The best part is that everything can be configured directly in the Auth0 dashboard without any changes to your code base.</p> <h2> What are the Advantages of a Tamperproof Audit Log? </h2> <p>If you’re just interested in implementing audit log streaming for Auth0, you can skip ahead to the next section. No offense taken 😉</p> <ul> <li><strong>Identify Risk of Exposure</strong></li> </ul> <p>A robust tamperproof audit log can help quickly assess the risk of exposure after a data breach since you have logs of all user events and critical user actions that occurred in our app.</p> <ul> <li><strong>Tamperproof logs</strong></li> </ul> <p>Since message hashes of Pangea Audit Logs have been designed to be stored in a cryptographically secure hash-tree called “<a href="https://pangea.cloud/docs/audit/merkle-trees?utm_source=devto&amp;utm_medium=auth0-log-streaming-blog">Merkle Trees</a>”, the logs are tamperproof and cryptographically verifiable. Thus Pangea Audit Logs can neither be changed nor destroyed once created.</p> <ul> <li><strong>Asynchronous Logging</strong></li> </ul> <p>Since Pangea Audit Logs can be implemented asynchronously with our authentication system and APIs, it doesn’t affect the performance of our web apps.</p> <h2> TLDR; How do I build it in? </h2> <p>In this tutorial, I will demonstrate how easy it is to add Pangea’s tamperproof audit log API to your Auth0 authentication setup in just a few clicks. No changes to your codebase are needed 😅</p> <h3> Step 1: Create an account on <a href="https://pangea.cloud/?utm_source=devto&amp;utm_medium=auth0-log-streaming">pangea.cloud</a> </h3> <p>Head over to <a href="https://pangea.cloud/?utm_source=devto&amp;utm_medium=auth0-log-streaming">pangea.cloud</a> and create an account for free. Then in the developer console, enable the “Secure Audit Log” service and select the Auth-vX.X.X Log Streaming for the schema template.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs26r2keod6b2qc80vcug.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs26r2keod6b2qc80vcug.png" alt="Pangea Audit Log Schema Setup" width="800" height="397"></a></p> <h3> Step 2: Create an event stream in Auth0 Dashboard </h3> <p>In your Auth0 dashboard, go to <code>Monitoring &gt;&gt; Streams</code> and click <code>Create Stream</code>. Under the event stream options, select <code>Custom Webhook</code></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc9y801mbn8i58lwdrz8k.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc9y801mbn8i58lwdrz8k.png" alt="Auth0 Log Stream Setup" width="800" height="397"></a></p> <h3> Step 3: Copy your Pangea credentials to setup the webhook </h3> <p>In the <code>Custom Webhook</code> setup window, you’ll be asked to input the following:</p> <ul> <li><p><strong>Payload URL</strong> - Enter the URL for your Pangea project log-streaming endpoint. You can find it <a href="https://pangea.cloud/docs/api/audit#/v1/log_stream?utm_source=blog&amp;utm_medium=authn-log-streaming">here</a>.</p></li> <li><p><strong>Authorization Token</strong> - Enter the Authorization header value to access your Secure Audit Log configuration. This would be Bearer <code>&lt;insert_pangea_token&gt;</code></p></li> <li><p><strong>Content Type</strong> - Leave it as <code>application/json</code>.</p></li> <li><p><strong>Content Format</strong> - Select <code>JSON Object</code>.</p></li> </ul> <p>Then you can hit <strong>Save</strong>! Now, if you head over to the Health tab under the newly created webhook, you should see a success message saying your webhook is <code>Active</code>.</p> <p>Here’s a quick video on configuring your webhook with Pangea credentials:<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/MUTffYlTQmQ"> </iframe> </p> <p>Finally, heading over to my react app pre-configured with my Auth0 credentials, let’s log in and log out. To check that our audit logs are being streamed let us head over to the Pangea Console under <code>Audit Log &gt;&gt; View Logs</code>. In here, we should see new logs populated from our app streamed straight from Auth0.</p> <p>Let's test it out!<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/dWEFnM84l1o"> </iframe> </p> auth0 webdev javascript tutorial Add "Login with Passkeys" to your Next.js app in <2 mins (Page Router Mode) Pranav Shikarpur Tue, 28 May 2024 17:04:36 +0000 https://dev.to/pangea/add-login-with-passkeys-to-your-nextjs-app-in-2-mins-page-router-mode-22g7 https://dev.to/pangea/add-login-with-passkeys-to-your-nextjs-app-in-2-mins-page-router-mode-22g7 <p>Passkeys, passkeys, passkeys! Everyone's talking about them. With <a href="https://www.theverge.com/2023/10/23/23928589/amazon-passkey-support-web-ios-shopping-mobile-app?ref=pangea.cloud">Amazon</a> rolling out passkeys last year and <a href="https://blog.google/technology/safety-security/passkeys-default-google-accounts/?ref=pangea.cloud">Google</a> encouraging users to make them the default authentication method, it raises the question: How do I add them to my app?</p> <h2> How do passkeys work? </h2> <p>If you’re just interested in implementing them, you can skip this section. No offense taken 😉</p> <p>FIDO2 multidevice credentials more often referred to as “passkeys” is a standard introduced by the FIDO alliance. It’s an extremely powerful way of using public-key cryptography to verify the identity of a user without passwords, multi-factor, etc. The public / private key pair is usually generated and securely stored on a hardware or software authenticator device.</p> <p>To learn more about how passkeys and authenticators work in detail, check out the <a href="https://pangea.cloud/securebydesign/authn-using-passkeys/?utm_source=devto&amp;utm_medium=passkeys-blog-nextjs">Secure By Design Hub</a> article on passkeys.</p> <h2> How do I build it in? </h2> <p>In this tutorial, we’re going to leverage Pangea AuthN’s hosted pages to be able to quickly configure passkeys without building all the cryptographic mayhem from scratch 😅. To prove that it’s easy to add passkeys into any application in just a few minutes, I’m going to start with a fresh new Next.js app and implement passkeys in just a few steps.</p> <h3> Step 1: Create a new NextJS App and install Pangea AuthN react wrapper </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx create-next-app <span class="nt">--ts</span> <span class="nt">--eslint</span> <span class="nt">--tailwind</span> <span class="nt">--src-dir</span> passkeys-demo <span class="nb">cd </span>passkeys-demo npm i @pangeacyber/react-auth </code></pre> </div> <p><em>Note: Select "No" when the create-next-app command asks if you want to use the <code>App Router</code> mode. In this tutorial, we will be using the Next.js page router mode.</em></p> <h3> Step 2: Create an account on <a href="https://l.pangea.cloud/acJTkqo">pangea.cloud</a> </h3> <p>Head over to pangea.cloud and create an account for free. Then in the developer console, enable the “AuthN” service and grab the following tokens. These tokens will be pasted in your .env config file as shown below.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">NEXT_APP_LOGIN_URL</span><span class="o">=</span><span class="s2">"&lt;PROJECT_HOSTED_LOGIN_URL&gt;"</span> <span class="nv">NEXT_APP_CLIENT_TOKEN</span><span class="o">=</span><span class="s2">"&lt;PROJECT_CLIENT_TOKEN&gt;"</span> <span class="nv">NEXT_APP_PANGEA_DOMAIN</span><span class="o">=</span><span class="s2">"&lt;PANGEA_DOMAIN&gt;"</span> </code></pre> </div> <h3> Step 3: Add the Pangea React Auth components to the new Next app (Page Router Mode) </h3> <p>Now we edit our <code>_app.js</code> file with the <code>&lt;AuthProvider&gt;</code> component that maintains authentication context and state across the application.</p> <p>So our <code>_app.js</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="dl">"</span><span class="s2">@/styles/globals.css</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="kd">type</span> <span class="p">{</span> <span class="nx">AppProps</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/app</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Pangea imports</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AuthProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pangeacyber/react-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">App</span><span class="p">({</span> <span class="nx">Component</span><span class="p">,</span> <span class="nx">pageProps</span> <span class="p">}:</span> <span class="nx">AppProps</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Setup props with Pangea AuthN config</span> <span class="kd">const</span> <span class="nx">hostedLoginURL</span> <span class="o">=</span> <span class="nx">process</span><span class="p">?.</span><span class="nx">env</span><span class="p">?.</span><span class="nx">NEXT_PUBLIC_AUTHN_HOSTED_LOGIN_URL</span> <span class="o">||</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">authConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">clientToken</span><span class="p">:</span> <span class="nx">process</span><span class="p">?.</span><span class="nx">env</span><span class="p">?.</span><span class="nx">NEXT_PUBLIC_AUTHN_CLIENT_TOKEN</span> <span class="o">||</span> <span class="dl">""</span><span class="p">,</span> <span class="na">domain</span><span class="p">:</span> <span class="nx">process</span><span class="p">?.</span><span class="nx">env</span><span class="p">?.</span><span class="nx">NEXT_PUBLIC_PANGEA_DOMAIN</span> <span class="o">||</span> <span class="dl">""</span><span class="p">,</span> <span class="p">};</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">AuthProvider</span> <span class="nx">loginUrl</span><span class="o">=</span><span class="p">{</span><span class="nx">hostedLoginURL</span><span class="p">}</span> <span class="nx">config</span><span class="o">=</span><span class="p">{</span><span class="nx">authConfig</span><span class="p">}</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">Component</span> <span class="p">{...</span><span class="nx">pageProps</span><span class="p">}</span> <span class="sr">/</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/AuthProvider</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Now that we have the <code>AuthProvider</code> keeping context across the application, we can now implement the login functionality by simply calling the useAuth hook in our <code>index.js</code> file. Let’s also add a conditional redirect in a <code>useEffect</code> hook to automatically redirect a user if they’re logged in to a page called <code>/login-success</code> that we will create later.</p> <p>Thus your <code>index.js</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Pangea AuthN imports</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pangeacyber/react-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/router</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authenticated</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">loading</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">authenticated</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">loading</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Redirect to /login-success if user is authenticated</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login-success</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">authenticated</span><span class="p">,</span> <span class="nx">loading</span><span class="p">])</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex flex-col items-center justify-center h-screen bg-gradient-to-br from-[#8b5cf6] to-[#a855f7]</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h1</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-4xl font-bold text-white mb-6</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">Login</span> <span class="kd">with</span> <span class="nx">Passkeys</span> <span class="err">🔑</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">inline-flex items-center justify-center rounded-md bg-white px-4 py-2 text-sm font-medium text-[#8b5cf6] shadow-sm transition-colors hover:bg-gray-100 focus:outline-none focus:ring-2 focus:ring-[#8b5cf6] focus:ring-offset-2 mb-6</span><span class="dl">"</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">login</span><span class="p">}</span> <span class="o">&gt;</span> <span class="nx">Login</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">text-xl font-light text-blue-300 underline</span><span class="dl">"</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://pangea.cloud/services/authn/?utm_source=blog&amp;utm_medium=passkeys-nextjs-snippet</span><span class="dl">"</span> <span class="nx">target</span><span class="o">=</span><span class="dl">"</span><span class="s2">_blank</span><span class="dl">"</span> <span class="nx">rel</span><span class="o">=</span><span class="dl">"</span><span class="s2">noopener noreferrer</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="nx">Try</span> <span class="nx">Pangea</span> <span class="nx">AuthN</span> <span class="k">for</span> <span class="nx">free</span> <span class="nx">today</span><span class="o">!</span> <span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Now that we have our login page, let’s define an authenticated page called <code>login-success.tsx</code> by using the <code>useAuth</code> hook to get user information and display it.</p> <p>Thus your <code>login-success.tsx</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Pangea AuthN imports</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pangeacyber/react-auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useRouter</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/router</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">function</span> <span class="nf">Home</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authenticated</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">logout</span><span class="p">,</span> <span class="nx">loading</span><span class="p">,</span> <span class="nx">getToken</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">router</span> <span class="o">=</span> <span class="nf">useRouter</span><span class="p">();</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">authenticated</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">loading</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Redirect to / if user is NOT authenticated</span> <span class="nx">router</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">user</span><span class="p">,</span> <span class="nx">authenticated</span><span class="p">,</span> <span class="nx">loading</span><span class="p">])</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex flex-col h-screen w-full items-center justify-center bg-gradient-to-br from-[#7e22ce] to-[#a855f7]</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">rounded-lg bg-white p-8 shadow-lg w-full max-w-md</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex items-center justify-between mb-6</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">bg-gray-100 px-3 py-1 rounded-full text-sm text-gray-500</span><span class="dl">"</span><span class="o">&gt;</span><span class="nx">hi</span> <span class="p">{</span><span class="nx">user</span><span class="p">?.</span><span class="nx">email</span><span class="p">}</span><span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">inline-flex items-center justify-center rounded-md bg-white px-4 py-2 text-sm font-medium text-[#8b5cf6] shadow-sm transition-colors hover:bg-gray-100 focus:outline-none focus:ring-2 focus:ring-[#8b5cf6] focus:ring-offset-2 mb-6</span><span class="dl">"</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">logout</span><span class="p">}</span><span class="o">&gt;</span> <span class="nx">Sign</span> <span class="nx">Out</span> <span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex items-center justify-start g</span><span class="dl">"</span><span class="o">&gt;</span> <span class="p">{</span><span class="cm">/* Fun lil GIF */</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">flex flex-col</span><span class="dl">"</span><span class="o">&gt;&lt;</span><span class="nx">iframe</span> <span class="nx">src</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://giphy.com/embed/IwAZ6dvvvaTtdI8SD5</span><span class="dl">"</span> <span class="nx">width</span><span class="o">=</span><span class="dl">"</span><span class="s2">480</span><span class="dl">"</span> <span class="nx">height</span><span class="o">=</span><span class="dl">"</span><span class="s2">400</span><span class="dl">"</span> <span class="nx">frameBorder</span><span class="o">=</span><span class="dl">"</span><span class="s2">0</span><span class="dl">"</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">h-3/4 w-3/4</span><span class="dl">"</span> <span class="nx">allowFullScreen</span><span class="o">&gt;&lt;</span><span class="sr">/iframe&gt;&lt;p className="text-xs"&gt;&lt;a href="https:/</span><span class="o">/</span><span class="nx">giphy</span><span class="p">.</span><span class="nx">com</span><span class="o">/</span><span class="nx">gifs</span><span class="o">/</span><span class="nx">theoffice</span><span class="o">-</span><span class="nx">the</span><span class="o">-</span><span class="nx">office</span><span class="o">-</span><span class="nx">tv</span><span class="o">-</span><span class="nx">michaels</span><span class="o">-</span><span class="nx">birthday</span><span class="o">-</span><span class="nx">IwAZ6dvvvaTtdI8SD5</span><span class="dl">"</span><span class="s2">&gt;via GIPHY&lt;/a&gt;&lt;/p&gt;&lt;/div&gt; {/* Access user's information through user variable */} &lt;p className=</span><span class="dl">"</span><span class="nx">flex</span><span class="o">-</span><span class="nx">none</span> <span class="nx">text</span><span class="o">-</span><span class="p">[</span><span class="err">#</span><span class="mi">8</span><span class="nx">b5cf6</span><span class="p">]</span><span class="dl">"</span><span class="s2">&gt;User Name: {user?.profile.first_name} {user?.profile.last_name}&lt;/p&gt; &lt;/div&gt; &lt;/div&gt; &lt;div className=</span><span class="dl">"</span><span class="nx">space</span><span class="o">-</span><span class="nx">y</span><span class="o">-</span><span class="mi">4</span> <span class="nx">mt</span><span class="o">-</span><span class="mi">6</span><span class="dl">"</span><span class="s2">&gt; &lt;div className=</span><span class="dl">"</span><span class="nx">flex</span> <span class="nx">items</span><span class="o">-</span><span class="nx">center</span> <span class="nx">space</span><span class="o">-</span><span class="nx">x</span><span class="o">-</span><span class="mi">4</span><span class="dl">"</span><span class="s2">&gt; &lt;a className=</span><span class="dl">"</span><span class="nx">text</span><span class="o">-</span><span class="nx">xl</span> <span class="nx">font</span><span class="o">-</span><span class="nx">light</span> <span class="nx">text</span><span class="o">-</span><span class="nx">blue</span><span class="o">-</span><span class="mi">300</span> <span class="nx">underline</span><span class="dl">"</span><span class="s2"> href=</span><span class="dl">"</span><span class="nx">https</span><span class="p">:</span><span class="c1">//pangea.cloud/services/authn/?utm_source=blog&amp;utm_medium=passkeys-nextjs-snippet"</span> <span class="nx">target</span><span class="o">=</span><span class="dl">"</span><span class="s2">_blank</span><span class="dl">"</span> <span class="nx">rel</span><span class="o">=</span><span class="dl">"</span><span class="s2">noopener noreferrer</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="nx">Try</span> <span class="nx">Pangea</span> <span class="nx">AuthN</span> <span class="k">for</span> <span class="nx">free</span> <span class="nx">today</span><span class="o">!</span> <span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Step 4: Enable Passkeys Authentication in Pangea console </h3> <p>Since we have a <code>/login-success</code> page to redirect to on successful authentication, we need to add an authorized redirect so that Pangea’s AuthN hosted pages can securely redirect a user back to the <code>http://localhost:3000/login-success</code> when done authenticating.</p> <p>So first, let’s go under <code>General &gt; Redirect (Callback) Settings</code> and add <code>http://localhost:3000/*</code> as a redirect and save it. This will allow redirects to all routes on our host <code>http://localhost:3000</code>.</p> <p>Here comes the last step, let’s enable Passkeys! Head over to Single Sign On &gt; Passkeys and enable it. Optionally you can choose to enable fallback authentication options based on your desired user experience.</p> <p>Here’s a quick video on how you can enable it in settings:<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/M2kPx1WteEE"> </iframe> </p> <p>Let’s test it out! You can find the code in <a href="https://github.com/pangeacyber/pangea-integration-nextjs-authn">Github</a> and watch the demo below.</p> <h2> <iframe width="710" height="399" src="https://www.youtube.com/embed/WcoEiqsSRuE"> </iframe> </h2> <p>If you are looking to add Pangea AuthN to other languages or frameworks, follow these tutorials:</p> <ul> <li><a href="https://pangea.cloud/blog/add-passkeys-to-reactjs-in-2mins/?utm_source=devto&amp;utm_medium=nextjs-passkeys-blog">React.js</a></li> <li><a href="https://pangea.cloud/blog/add-login-with-passkeys-to-your-django-app/?utm_source=devto&amp;utm_medium=nextjs-passkeys-blog">Python Django</a></li> </ul> nextjs passkeys authjs react Add "Login with Passkeys" to your React.js app in < 2 mins Pranav Shikarpur Wed, 03 Apr 2024 15:06:10 +0000 https://dev.to/pangea/add-login-with-passkeys-to-your-reactjs-app-in-2-mins-2k4a https://dev.to/pangea/add-login-with-passkeys-to-your-reactjs-app-in-2-mins-2k4a <p>Passkeys, passkeys, passkeys! Everyone's talking about them. With <a href="https://www.theverge.com/2023/10/23/23928589/amazon-passkey-support-web-ios-shopping-mobile-app?ref=pangea.cloud">Amazon</a> rolling out passkeys last year and <a href="https://blog.google/technology/safety-security/passkeys-default-google-accounts/?ref=pangea.cloud">Google</a> encouraging users to make them the default authentication method, it raises the question: How do I add them to my app?</p> <h2> How do passkeys work? </h2> <p>If you’re just interested in implementing them, you can skip this section. No offense taken 😉</p> <p>FIDO2 multidevice credentials more often referred to as “passkeys” is a standard introduced by the FIDO alliance. It’s an extremely powerful way of using public-key cryptography to verify the identity of a user without passwords, multi-factor, etc. The public / private key pair is usually generated and securely stored on a hardware or software authenticator device.</p> <p>To learn more about how passkeys and authenticators work in detail, check out the <a href="https://pangea.cloud/securebydesign/authn-using-passkeys/">Secure By Design Hub article</a> on passkeys.</p> <h2> How do I build it in? </h2> <p>In this tutorial, we’re going to leverage Pangea AuthN’s hosted pages to be able to quickly configure passkeys without building all the cryptographic mayhem from scratch 😅. To prove that it’s easy to add passkeys into any application in just a few minutes, I’m going to start with a fresh new React.js app and implement passkeys in just a few steps.</p> <h3> Step 1: Create a new React App and install Pangea AuthN react wrapper </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx create-react-app passkeys-demo <span class="o">&amp;&amp;</span> <span class="se">\</span> <span class="nb">cd </span>passkeys-demo <span class="o">&amp;&amp;</span> <span class="se">\</span> npm i @pangeacyber/react-auth </code></pre> </div> <h3> Step 2: Create an account on <a href="https://pangea.cloud/?utm_source=devto&amp;utm_medium=passkeys-reactjs-blog">pangea.cloud</a> </h3> <p>Head over to <a href="https://pangea.cloud/?utm_source=devto&amp;utm_medium=passkeys-reactjs-blog">pangea.cloud</a> and create an account for free. Then in the developer console, enable the “AuthN” service and grab the following tokens. These tokens will be pasted in your .env config file as shown below.</p> <p>Add these tokens into a <code>.env</code> file like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>REACT_APP_LOGIN_URL="&lt;PROJECT_HOSTED_LOGIN_URL&gt;" REACT_APP_CLIENT_TOKEN="&lt;PROJECT_CLIENT_TOKEN&gt;" REACT_APP_PANGEA_DOMAIN="&lt;PANGEA_DOMAIN&gt;" </code></pre> </div> <h3> Step 3: Add the Pangea React Auth components to the new React app </h3> <p>Now we edit our <code>index.js</code> file with the <code>&lt;AuthProvider&gt;</code> component that maintains authentication context and state across the application.</p> <p>So our <code>index.js</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">React</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">ReactDOM</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react-dom/client</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="dl">'</span><span class="s1">./index.css</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">App</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./App</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Import Pangea AuthProvider component</span> <span class="k">import</span> <span class="p">{</span><span class="nx">AuthProvider</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@pangeacyber/react-auth</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">root</span> <span class="o">=</span> <span class="nx">ReactDOM</span><span class="p">.</span><span class="nf">createRoot</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">root</span><span class="dl">'</span><span class="p">));</span> <span class="nx">root</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">React</span><span class="p">.</span><span class="nx">StrictMode</span><span class="o">&gt;</span> <span class="p">{</span><span class="cm">/* We wrap the App component with our AuthProvider */</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">AuthProvider</span> <span class="nx">config</span><span class="o">=</span><span class="p">{{</span> <span class="na">domain</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_PANGEA_DOMAIN</span><span class="p">,</span> <span class="na">clientToken</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_CLIENT_TOKEN</span><span class="p">,</span> <span class="na">useJwt</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}}</span> <span class="nx">cookieOptions</span><span class="o">=</span><span class="p">{{</span> <span class="na">useCookie</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">cookieName</span><span class="p">:</span> <span class="dl">"</span><span class="s2">pangea-authn</span><span class="dl">"</span> <span class="p">}}</span> <span class="nx">loginUrl</span><span class="o">=</span><span class="p">{</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_LOGIN_URL</span><span class="p">}</span> <span class="nx">useStrictStateCheck</span><span class="o">=</span><span class="p">{</span><span class="kc">false</span><span class="p">}</span> <span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">App</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="sr">/AuthProvider</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/React.StrictMode</span><span class="err">&gt; </span><span class="p">);</span> </code></pre> </div> <p>Now that we have the AuthProvider keeping context across the application, we can now implement the login and logout functionality by simply calling the <code>useAuth</code> hook in our <code>App.js</code> file.</p> <p>Thus your <code>App.js</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="dl">'</span><span class="s1">./App.css</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Pangea AuthN imports</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useAuth</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pangeacyber/react-auth</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">App</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authenticated</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">login</span><span class="p">,</span> <span class="nx">logout</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">useAuth</span><span class="p">();</span> <span class="k">return </span><span class="p">(</span> <span class="o">&lt;</span><span class="nx">div</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">App</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">header</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">App-header</span><span class="dl">"</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nx">h1</span> <span class="o">&gt;</span><span class="nx">Login</span> <span class="kd">with</span> <span class="nx">Passkeys</span> <span class="err">🔑</span><span class="o">&lt;</span><span class="sr">/h1</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span> <span class="p">{</span><span class="cm">/* Check if user is authenticated */</span><span class="p">}</span> <span class="p">{</span> <span class="nx">authenticated</span> <span class="p">?</span> <span class="o">&lt;</span><span class="nx">p</span><span class="o">&gt;</span> <span class="nx">Welcome</span><span class="p">,</span> <span class="p">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="o">!</span> <span class="o">&lt;</span><span class="nx">br</span> <span class="o">/&gt;</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">style</span><span class="o">=</span><span class="p">{{</span> <span class="na">background</span><span class="p">:</span> <span class="dl">'</span><span class="s1">linear-gradient(to right, #ff416c, #ff4b2b)</span><span class="dl">'</span><span class="p">,</span> <span class="na">border</span><span class="p">:</span> <span class="dl">'</span><span class="s1">none</span><span class="dl">'</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">white</span><span class="dl">'</span><span class="p">,</span> <span class="na">padding</span><span class="p">:</span> <span class="dl">'</span><span class="s1">10px 20px</span><span class="dl">'</span><span class="p">,</span> <span class="na">borderRadius</span><span class="p">:</span> <span class="dl">'</span><span class="s1">5px</span><span class="dl">'</span><span class="p">,</span> <span class="na">cursor</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pointer</span><span class="dl">'</span><span class="p">,</span> <span class="na">fontSize</span><span class="p">:</span> <span class="dl">'</span><span class="s1">16px</span><span class="dl">'</span><span class="p">,</span> <span class="na">fontWeight</span><span class="p">:</span> <span class="dl">'</span><span class="s1">bold</span><span class="dl">'</span><span class="p">,</span> <span class="na">boxShadow</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0px 2px 5px rgba(0, 0, 0, 0.2)</span><span class="dl">'</span><span class="p">,</span> <span class="p">}}</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">logout</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Logout</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="p">:</span> <span class="o">&lt;</span><span class="nx">button</span> <span class="nx">style</span><span class="o">=</span><span class="p">{{</span> <span class="na">background</span><span class="p">:</span> <span class="dl">'</span><span class="s1">linear-gradient(to right, #416cff, #4b2bff)</span><span class="dl">'</span><span class="p">,</span> <span class="na">border</span><span class="p">:</span> <span class="dl">'</span><span class="s1">none</span><span class="dl">'</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">'</span><span class="s1">white</span><span class="dl">'</span><span class="p">,</span> <span class="na">padding</span><span class="p">:</span> <span class="dl">'</span><span class="s1">10px 20px</span><span class="dl">'</span><span class="p">,</span> <span class="na">borderRadius</span><span class="p">:</span> <span class="dl">'</span><span class="s1">5px</span><span class="dl">'</span><span class="p">,</span> <span class="na">cursor</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pointer</span><span class="dl">'</span><span class="p">,</span> <span class="na">fontSize</span><span class="p">:</span> <span class="dl">'</span><span class="s1">16px</span><span class="dl">'</span><span class="p">,</span> <span class="na">fontWeight</span><span class="p">:</span> <span class="dl">'</span><span class="s1">bold</span><span class="dl">'</span><span class="p">,</span> <span class="na">boxShadow</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0px 2px 5px rgba(0, 0, 0, 0.2)</span><span class="dl">'</span><span class="p">,</span> <span class="p">}}</span> <span class="nx">onClick</span><span class="o">=</span><span class="p">{</span><span class="nx">login</span><span class="p">}</span><span class="o">&gt;</span><span class="nx">Login</span><span class="o">&lt;</span><span class="sr">/button</span><span class="err">&gt; </span> <span class="p">}</span> <span class="o">&lt;</span><span class="sr">/p</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="nx">a</span> <span class="nx">className</span><span class="o">=</span><span class="dl">"</span><span class="s2">App-link</span><span class="dl">"</span> <span class="nx">href</span><span class="o">=</span><span class="dl">"</span><span class="s2">https://pangea.cloud/services/authn/?utm_source=blog&amp;utm_medium=passkeys-snippet</span><span class="dl">"</span> <span class="nx">target</span><span class="o">=</span><span class="dl">"</span><span class="s2">_blank</span><span class="dl">"</span> <span class="nx">rel</span><span class="o">=</span><span class="dl">"</span><span class="s2">noopener noreferrer</span><span class="dl">"</span> <span class="o">&gt;</span> <span class="nx">Try</span> <span class="nx">Pangea</span> <span class="nx">AuthN</span> <span class="k">for</span> <span class="nx">free</span> <span class="nx">today</span><span class="o">!</span> <span class="o">&lt;</span><span class="sr">/a</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/header</span><span class="err">&gt; </span> <span class="o">&lt;</span><span class="sr">/div</span><span class="err">&gt; </span> <span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">App</span><span class="p">;</span> </code></pre> </div> <h3> Step 4: Enable Passkeys Authentication in Pangea console </h3> <p>Since we’re using a React SPA (single page application), we need to add an authorized redirect, so that Pangea’s AuthN hosted pages can successfully redirect us back to the <a href="http://localhost:3000/">http://localhost:3000/</a> when a user is done authenticating.</p> <p>So first, let’s go under <code>General &gt; Redirect (Callback)</code> Settings and add <code>http://localhost:3000/</code> as a redirect and save it.</p> <p>Here comes the last step, let’s enable Passkeys! Head over to Single Sign On &gt; Passkeys and enable it. Optionally you can choose to enable fallback authentication options based on your desired user experience.</p> <p>Here’s a quick video on how you can enable it in settings:</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/M2kPx1WteEE"> </iframe> </p> <p>Let's test it out!</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/2jSHLlMpBiQ"> </iframe> </p> webdev javascript react authjs Integrate an Audit Trail for NextAuth.js in a few lines of code Pranav Shikarpur Wed, 13 Mar 2024 13:56:30 +0000 https://dev.to/pangea/integrate-an-audit-trail-for-nextauthjs-in-a-few-lines-of-code-2cmo https://dev.to/pangea/integrate-an-audit-trail-for-nextauthjs-in-a-few-lines-of-code-2cmo <p>In the world where hackers are trying to brute force user accounts (<a href="https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/" rel="noopener noreferrer">23andMe breach 2023</a>) and session tokens are being stolen (<a href="https://techcrunch.com/2023/10/20/okta-says-hackers-stole-customer-access-tokens-from-support-unit/" rel="noopener noreferrer">OKTA breach 2023</a>) to impersonate authenticated users and run critical user actions, it is highly important for developers to maintain a tamper-proof audit log of all authentication events to keep their apps secure.</p> <p>An audit log is a log service that’s used to keep track of all critical and sensitive user actions that take place across your applications. Events being logged could include sensitive file access, user logins, deleting or updating database records, etc.</p> <h2> What are the Advantages of an Tamperproof Audit Log? </h2> <ul> <li><p><strong>Identify Risk of Exposure</strong><br> A robust tamperproof audit log can help quickly assess the risk of exposure after a data breach since you have logs of all user events and critical user actions that occurred in our app.</p></li> <li><p><strong>Can’t be Tampered with</strong><br> Since message hashes of Pangea Audit Logs have been designed to be stored in a cryptographically secure hash-tree called “Merkle Trees”, the logs are tamperproof and cryptographically verifiable. Thus Pangea Audit Logs can neither be changed nor destroyed once created.</p></li> <li><p><strong>Asynchronous Logging</strong><br> Since Pangea Audit Logs can be implemented asynchronously with our authentication system and APIs, it doesn’t affect the performance of our web apps.</p></li> </ul> <h2> Adding the Audit Trail to Our NextAuth.js App </h2> <p>In this tutorial, I will demonstrate how easy it is to add a tamper-proof audit log to an authentication setup. For the purposes of this tutorial, I’m going to use <a href="https://next-auth.js.org/?ref=pangea.cloud" rel="noopener noreferrer">NextAuth.js</a> - a popular JavaScript authentication library - to demonstrate how we can add secure audit logging to our JavaScript apps in just a few lines of code.</p> <p>To follow along, head over to <a href="https://next-auth.js.org/" rel="noopener noreferrer">next-auth.js.org</a> and follow the “Getting Started” tutorial. Once we’ve setup our Next.js app with NextAuth, we’re going to update the <code>[...next-auth].ts</code> file to include an events code block that will send data to the Pangea Audit Log API asynchronously on every signIn and signOut event.</p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="nx">NextAuth</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">User</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth</span><span class="dl">"</span> <span class="c1">// Imports to add</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">JWT</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next-auth/jwt</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">auditLogToPangea</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/utils/auditLog</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">authOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// Configure one or more authentication providers</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="c1">// List all your providers here</span> <span class="c1">// ...</span> <span class="p">],</span> <span class="c1">// events code block to add</span> <span class="na">events</span><span class="p">:</span> <span class="p">{</span> <span class="k">async</span> <span class="nf">signIn</span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">isNewUser</span> <span class="p">}:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="nx">User</span><span class="p">,</span> <span class="nx">isNewUser</span><span class="p">?:</span> <span class="nx">boolean</span> <span class="o">|</span> <span class="kc">undefined</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auditLogData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span> <span class="k">as</span> <span class="kr">string</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span> <span class="k">as</span> <span class="kr">string</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">isNewUser</span> <span class="p">?</span> <span class="dl">"</span><span class="s2">User signed up</span><span class="dl">"</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">User logged in</span><span class="dl">"</span><span class="p">,</span> <span class="na">event</span><span class="p">:</span> <span class="nx">isNewUser</span> <span class="p">?</span> <span class="dl">"</span><span class="s2">signup</span><span class="dl">"</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">login</span><span class="dl">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// Call pangea secure audit log on sign in</span> <span class="k">await</span> <span class="nf">auditLogToPangea</span><span class="p">(</span><span class="nx">auditLogData</span><span class="p">);</span> <span class="p">},</span> <span class="k">async</span> <span class="nf">signOut</span><span class="p">({</span><span class="nx">token</span><span class="p">}:</span> <span class="p">{</span><span class="na">token</span><span class="p">:</span> <span class="nx">JWT</span><span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auditLogData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">token</span><span class="p">.</span><span class="nx">email</span> <span class="k">as</span> <span class="kr">string</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">token</span><span class="p">.</span><span class="nx">name</span> <span class="k">as</span> <span class="kr">string</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">User logged out</span><span class="dl">"</span><span class="p">,</span> <span class="na">event</span><span class="p">:</span> <span class="dl">"</span><span class="s2">logout</span><span class="dl">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// Call pangea secure audit log on sign out</span> <span class="k">await</span> <span class="nf">auditLogToPangea</span><span class="p">(</span><span class="nx">auditLogData</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// end events code block</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nc">NextAuth</span><span class="p">(</span><span class="nx">authOptions</span><span class="p">)</span> </code></pre> </div> <p>Now that we’ve added code to make an audit log happen on every signIn and signOut event, let’s create the <code>auditLogToPangea</code> function in the <code>src/utils</code> folder that uses the <code>pangea-node-sdk</code> to send log data to the Pangea secure audit log API.</p> <p>Create the file <code>auditLog.ts</code></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">PangeaConfig</span><span class="p">,</span> <span class="nx">AuditService</span><span class="p">,</span> <span class="nx">PangeaErrors</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">pangea-node-sdk</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">auditLogToPangea</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">logData</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PANGEA_TOKEN</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PangeaConfig</span><span class="p">({</span> <span class="na">domain</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PANGEA_DOMAIN</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">audit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AuditService</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">config</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">message</span><span class="dl">"</span><span class="p">:</span> <span class="nx">logData</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="dl">"</span><span class="s2">action</span><span class="dl">"</span><span class="p">:</span> <span class="nx">logData</span><span class="p">.</span><span class="nx">event</span><span class="p">,</span> <span class="dl">"</span><span class="s2">email</span><span class="dl">"</span><span class="p">:</span> <span class="nx">logData</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="dl">"</span><span class="s2">name</span><span class="dl">"</span><span class="p">:</span> <span class="nx">logData</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="dl">"</span><span class="s2">target</span><span class="dl">"</span><span class="p">:</span> <span class="nx">logData</span><span class="p">.</span><span class="nx">target</span> <span class="p">?</span> <span class="nx">logData</span><span class="p">.</span><span class="nx">target</span> <span class="p">:</span> <span class="dl">""</span><span class="p">,</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Logging: %s</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">logResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">audit</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span> <span class="k">as</span> <span class="kr">any</span><span class="p">,</span> <span class="p">{</span> <span class="na">verbose</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Response: %s</span><span class="dl">"</span><span class="p">,</span> <span class="nx">logResponse</span><span class="p">.</span><span class="nx">result</span><span class="p">);</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">PangeaErrors</span><span class="p">.</span><span class="nx">APIError</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">summary</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">pangeaResponse</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">auditLogToPangea</span><span class="p">;</span> </code></pre> </div> <p>You’re all set 🎉, now every time any user logs into our Next.js app using next-auth authentication setup, the user information along with the event is automatically audit logged and if we go to <code>View Logs</code> section in the <a href="https://console.pangea.cloud/service/audit/logs" rel="noopener noreferrer">Pangea User Console</a>, we should see something like the following:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr4nsw0jiwo08n9i69vs1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr4nsw0jiwo08n9i69vs1.png" alt="Image description"></a></p> <h2> Further Steps: </h2> <p>Now that we’ve seen how easy it is to add an audit log to our authentication setup, we can go ahead and add audit logging to all the APIs used to perform critical user actions such as fetching PII, updating sensitive user fields, billing transactions, etc. We could either add this directly for each API in the app or run it as middleware to be able to log all user information going in and out of the applications APIs.</p> nextjs nextauthjs auditlogs security Light Sabers Unleashed: The Lazy Developer's Guide to Outsmarting Botnets Pranav Shikarpur Tue, 29 Aug 2023 14:24:47 +0000 https://dev.to/pangea/outsmart-botnets-with-ip-intel-10fi https://dev.to/pangea/outsmart-botnets-with-ip-intel-10fi <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--IakdRoZ1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j4acp35krdjs657q3qn8.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--IakdRoZ1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j4acp35krdjs657q3qn8.jpg" alt="R2D2 and C3PO from the movie Star wars" width="800" height="450"></a></p> Cover Image Credit: cc 2.0 www.flickr.com/photos/dwmoran/21548629573/ <p>In a galaxy far, far away starships sail through the vast expanse of the universe and struggle against dark forces. In that galaxy, the noble bot C-3PO brings order and harmony, while in ours not all bots act with such benevolence. Here, we struggle against different types of dark forces, often perpetuated by malicious bots themselves.  With the power of Pangea’s APIs and just a few lines of code, you can safeguard your app from the dark side just like a Jedi!</p> <p><a href="https://pangea.cloud/?utm_source=hashnode&amp;utm_medium=blog-post&amp;utm_campaign=lightsabers-botnet-blog">Pangea</a> recently partnered with <a href="https://pangea.cloud/docs/blog/pangea-and-team-cymru-the-better-together-story?utm_source=hashnode&amp;utm_medium=blog-post&amp;utm_campaign=lightsabers-botnet-blog">Team Cymru</a> (a company with a state-of-the-art botnet detection dataset) to provide developers access to IP reputation data through Pangea’s APIs. Through the <a href="https://pangea.cloud/services/ip-intel/reputation/?utm_source=hashnode&amp;utm_medium=blog-post&amp;utm_campaign=lightsabers-botnet-blog">Pangea IP Intel API</a>, developers can wield Jedi-like powers to regulate access for critical user actions on an app, such as registrations, logins, and payments, effectively thwarting malicious bots from executing these operations.</p> <h2> Why not use a <a href="https://en.wikipedia.org/wiki/Web_application_firewall">WAF</a> or other DDOS protection? </h2> <p>Well, while DDOS attacks are one type of damage that bots can cause, botnets can't only be stopped by WAFs due to the nature of the different potential attack vectors. Attacks such as <a href="https://en.wikipedia.org/wiki/Astroturfing">Astroturfing</a> allows botnets to post harmful content, spam various APIs, and degrade important functions in your app.  These attacks can be hard to prevent without advanced knowledge gained through botnet IP datasets such as the one offered by Pangea in partnership with Team Cymru.</p> <p><strong>So, let’s see how it works:</strong></p> <p><strong>Step 1:</strong> Write a util file that makes the API call to Pangea’s IP reputation endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">PangeaConfig</span><span class="p">,</span> <span class="nx">IPIntelService</span><span class="p">,</span> <span class="nx">PangeaErrors</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">pangea-node-sdk</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// API credential stuff</span> <span class="kd">const</span> <span class="nx">domain</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PANGEA_DOMAIN</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PANGEA_INTEL_TOKEN</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">PangeaConfig</span><span class="p">({</span> <span class="na">domain</span><span class="p">:</span> <span class="nx">domain</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">ipIntel</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">IPIntelService</span><span class="p">(</span><span class="nb">String</span><span class="p">(</span><span class="nx">token</span><span class="p">),</span> <span class="nx">config</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">botDetector</span> <span class="o">=</span> <span class="k">async</span> <span class="p">(</span><span class="nx">ipAddress</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Selecting Cymru provider to detect malicious bots and botnets</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="na">provider</span><span class="p">:</span> <span class="dl">"</span><span class="s2">cymru</span><span class="dl">"</span><span class="p">,</span> <span class="na">verbose</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">raw</span><span class="p">:</span> <span class="kc">true</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ipIntel</span><span class="p">.</span><span class="nx">reputation</span><span class="p">(</span><span class="nx">ipAddress</span><span class="p">,</span> <span class="nx">options</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">verdict</span> <span class="o">==</span> <span class="dl">"</span><span class="s2">malicious</span><span class="dl">"</span> <span class="o">||</span> <span class="nx">response</span><span class="p">.</span><span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">verdict</span> <span class="o">==</span> <span class="dl">"</span><span class="s2">suspicious</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span><span class="na">isBotDetected</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">resultData</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// No bot detected</span> <span class="k">return</span> <span class="p">{</span><span class="na">isBotDetected</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">resultData</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">result</span><span class="p">.</span><span class="nx">data</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>All this util file does is make a call to Pangea’s API with a given IP address and return whether it found the IP to be a <code>malicious</code> or <code>suspicious</code> bot.</p> <p>Now this can be used like middleware in each of the app's critical API routes</p> <p><strong>STEP 2:</strong> Use the util file like middleware in every critical API route<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">handler</span><span class="p">(</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">NextApiRequest</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">NextApiResponse</span> <span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">detectedIP</span> <span class="o">=</span> <span class="nx">requestIp</span><span class="p">.</span><span class="nx">getClientIp</span><span class="p">(</span><span class="nx">req</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">isBotDetected</span><span class="p">,</span> <span class="nx">resultData</span><span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">botDetector</span><span class="p">(</span><span class="nx">detectedIP</span> <span class="k">as</span> <span class="kr">string</span><span class="p">)</span> <span class="kd">let</span> <span class="nx">code</span> <span class="o">=</span> <span class="mi">200</span> <span class="kd">let</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">""</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">isBotDetected</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Carry out critical action / user flow</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Success, action was carried out</span><span class="dl">"</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// Bot throw an error</span> <span class="c1">// Throw captcha or block request action</span> <span class="nx">code</span> <span class="o">=</span> <span class="mi">429</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Sorry you were classified as a bot, can't perform action.</span><span class="dl">"</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nx">status</span><span class="p">(</span><span class="nx">code</span><span class="p">).</span><span class="nx">json</span><span class="p">({</span> <span class="na">bot_status</span><span class="p">:</span> <span class="nx">isBotDetected</span><span class="p">,</span> <span class="na">your_ip</span><span class="p">:</span> <span class="nx">detectedIP</span><span class="p">,</span> <span class="na">message</span><span class="p">:</span> <span class="nx">message</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="nx">resultData</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Notice how I’ve used isBotDetected to determine which action to take. When a malicious bot is detected, I return the appropriate error code. Otherwise, I return a success message and let the action continue.</p> <p><strong>To see this in action</strong>, you will need to deploy it on Vercel for it to be able to accurately collect your IP address. Check out the <a href="https://github.com/snpranav/pangea-bot-detection-demo#usage">GitHub repo</a> with a small set of instructions to give it a try.</p> <p>With this newly acquired lightsaber of middleware, you have completed your Jedi-like training and can now proceed to swiftly cut down botnets before they start harming your application.</p> <p>The path to harness this power is accessible by signing up to the <a href="https://pangea.cloud/services/ip-intel/reputation/?utm_source=hashnode&amp;utm_medium=blog-post&amp;utm_campaign=lightsabers-botnet-blog">Pangea API for free</a>. Remember the wisdom of Master Yoda, “Do or do not. There is no try.” By only allowing access to friendly bots like C-3PO and thwarting malicious ones, you can safeguard your application's fate with Pangea's IP Intel API. Act now, and let your application flourish in the light of security!</p> cybersecurity webdev javascript botnets Protect Your User's PII from AI: Channel Your Inner Time Lord with Three Lines of Code Pranav Shikarpur Fri, 04 Aug 2023 16:40:58 +0000 https://dev.to/pangea/redact-chatgpt-blog-3-lines-9en https://dev.to/pangea/redact-chatgpt-blog-3-lines-9en <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--K2vUMz1e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/15ncpkjyymhirozuja6z.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--K2vUMz1e--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/15ncpkjyymhirozuja6z.png" alt="Tardis from the Doctor Who series. Image credit: Wikipedia CC" width="800" height="531"></a></p> Image credit: Wikipedia CC <p>In a universe filled with AI technologies like <a href="https://openai.com/chatgpt">OpenAI's GPT-3</a> and other LLMs, app developers must step into the <a href="https://en.wikipedia.org/wiki/TARDIS">TARDIS</a> and assume the role of Time Lords, safeguarding customer privacy across time and space.</p> <p>LLMs like GPT-3 are extensively used by app developers for a diverse range of applications from helping students solve math homework more effectively to improving customer support in environments that handle sensitive customer data. Fear not, the <a href="https://pangea.cloud/services/redact/?utm_source=devto&amp;utm_medium=blog-link&amp;utm_campaign=redact-chatgpt-blog-3-lines">Pangea's Redact SDK</a> is your trusty <a href="https://en.wikipedia.org/wiki/Sonic_screwdriver">sonic screwdriver</a> 🪄, empowering you to redact personal and sensitive information from GPT-3 prompts with just three lines of code!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">pangea.services</span> <span class="kn">import</span> <span class="n">Redact</span> <span class="n">redact</span> <span class="o">=</span> <span class="n">Redact</span><span class="p">(</span><span class="s">"&lt;PANGEA_REDACT_TOKEN&gt;"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">clean_prompt</span><span class="p">(</span><span class="n">prompt</span><span class="p">):</span> <span class="k">return</span> <span class="n">redact</span><span class="p">.</span><span class="n">redact</span><span class="p">(</span><span class="n">text</span><span class="o">=</span><span class="n">prompt</span><span class="p">).</span><span class="n">result</span><span class="p">.</span><span class="n">redacted_text</span> <span class="p">...</span> <span class="p">...</span> <span class="n">response</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="n">Completion</span><span class="p">.</span><span class="n">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="s">"text-davinci-003"</span><span class="p">,</span> <span class="n">prompt</span><span class="o">=</span><span class="n">clean_prompt</span><span class="p">(</span><span class="s">"My email is dummyuser@pangea.cloud. Print my prompt out as is:"</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p>Let’s dive into the code:</p> <p>Think of the <code>openai.Completion.create()</code> function as your TARDIS - you put a person (prompts with sensitive PII) in there and it can take you anywhere around the galaxy with endless possibilities. Now you want to make sure that the prompts with sensitive PII are not exposed to OpenAI’s API, so we use our handy sonic screwdriver (Pangea’s Redact APIs) in the <code>clean_prompt()</code> function to take out any sensitive PII before sending it off to OpenAI’s APIs.</p> <p>By adding just three lines of code, you're not only protecting your users' data but also preventing theses AI models from using customers’ PII as training data. Pangea's Redact SDK empowers you to meet regulatory requirements, build trust with your users, and create a safer AI-based applications.</p> <p>Head over to the <a href="https://console.pangea.cloud/service/redact/?utm_source=devto&amp;utm_medium=blog-link&amp;utm_campaign=redact-chatgpt-blog-3-lines">Pangea Console</a> to take your new sonic screwdriver for a spin!</p> <p>You can find full working code-examples in <a href="https://gist.github.com/snpranav/8346dace8b446e2d58c47204312d536e">Python</a> and <a href="https://gist.github.com/snpranav/a04cf104d6359414b3e74cc5e44a5d18">JavaScript</a></p> <p>Here's a video walk through of the same 👇<br> <iframe width="710" height="399" src="https://www.youtube.com/embed/LNN5s_6G3Cc"> </iframe> </p> security chatgpt devops api