DEV Community

loading...
Cover image for Passwordless in 10 minutes - idemeum JavaScript SDK
idemeum

Passwordless in 10 minutes - idemeum JavaScript SDK

Nikolay Poturnak
Digital identity and cyber security product leader. CEO @ idemeum (https://idemeum.com). ex Facebook, ex VMware, ex FireEye.
Originally published at blog.idemeum.com Updated on ・4 min read

One SDK, 10 minutes of your time, and you can bootstrap passwordless auth for your single-page app. With one SDK, you get all the flows: one-click, WebAuthn, and QR-code login.

When we developed idemeum JavaScript SDK our goal was simple - provide you with a seamless intuitive integration experience, yet give you the flexibility to implement the login flows that you need. With one SDK and simple configuration you get it all - one-click, WebAuthn, or QR-code login experience. You choose what works best for your use case through simple developer portal settings.

idemeum JS SDK provides 4 methods to help you with your login needs: login, logout, userClaims, isLoggedIn. By leveraging these methods you can enable passwordless, secure, and private login for your application.

In this guide we will go through the following steps to implement passwordless login with idemeum JavaScript SDK:

  1. Initialize idemeum SDK
  2. Manage authentication state with isLoggedIn
  3. Log the user in and out with login and logout
  4. Get and validate user claims with userClaims

1. Initialize idemeum SDK

Basic HTML setup

Our application will display a simple log in button. Upon clicking a button, user will be authenticated by idemeum. After successful authentication idemeum will return ID and Access tokens to the application, and the user will be greeted.

As a first step, let's set up a simple index.html page that we will be using for our application. We will set up some very simple css styles in order to format how things are organized in our page.


<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8" />
    <title>idemeum JS SDK</title>
    <link rel="stylesheet" type="text/css" href="/src/styles.css" />
  </head>
  <body>
    <h2>idemeum JS authentication sample</h2>
    <h4>Welcome to Application!</h4>
    <div id="initial">Loading...</div>
  </body>
</html>

Enter fullscreen mode Exit fullscreen mode

And our simple styles.css file.

/* our css style sheet that we save in styles.css and then import in out index page */

body {
  font-family: sans-serif;
}

#initial {
  align-self: center;
  justify-self: center;
  background-color: #eee;
  text-align: center;
  width: 300px;
  padding: 27px 18px;
}
Enter fullscreen mode Exit fullscreen mode

Import idemeum JS SDK

We can now import idemeum JavaScript SDK. For this guide we will simply import the script from idemeum CDN.

<script src="https://asset.idemeum.com/webapp/SDK/idemeum.js"></script>

Enter fullscreen mode Exit fullscreen mode

Initialize idemeum SDK

We can now initialize idemeum SDK instance. Do not forget to use your clientId that you obtained from idemeum developer portal.

      var idemeum = new IdemeumManager(
        // 👇 Replace clientId with the the one you get from idemeum developer portal
        (clientId = "00000000-0000-0000-0000-000000000000")
      );
Enter fullscreen mode Exit fullscreen mode

2. Manage user authentication state

idemeum SDK helps you manage authentication state of the user, so that you can determine if the user is logged in or not, and then take actions depending on the outcome. idemeum isLoggedIn returns Boolean value to identify the user authentication state.

In our application we will follow the following logic.

  • If the user is logged in, we will greet the user and display user claims.
  • In case the user is not logged in, we will not show any content and will simply display the login button.

As you can see in the code below, we are simply using login method for button onclick event.

      function isUserLoggedIn() {
        // Process the user logged-in state. 
        idemeum.isLoggedIn().then(
          function (data) {
            //  Display user claims if the user is logged in
            renderUserClaims();
          },
          function (errorData) {
            // Display the login button if the user is NOT logged in
            html = `<button id="btn-login" onclick="login()">Log in</button>`;
            document.getElementById("initial").innerHTML = html;
          }
        );
      }
Enter fullscreen mode Exit fullscreen mode

And we can trigger isUserLoggedIn() simply when the body of the document loads.

   <body onload="isUserLoggedIn()">
Enter fullscreen mode Exit fullscreen mode

3. Log the user in

When user clicks Log in button, idemeum SDK will trigger the login method. Let's define what will need to happen in our application. On success our application will receive ID and Access tokens from idemeum. We will need to process and validate those tokens. In case there is failure, we can process that as well in our code.

      function login() {
        idemeum.login({
          onSuccess: function (signinResponse) {
            // Your application will receive ID and Access tokens from idemeum
            // renderUserClaims() (defined below) validates the oidc token and fetches the user approved claims
            renderUserClaims();
          },
          onError: function (errorResponse) {
            // If there is an error you can process it here
          }
        });
      }
Enter fullscreen mode Exit fullscreen mode

4. Get and validate user claims

idemeum SDK returns ID and Access tokens upon successful user login. For token validation you can:

  1. Validate token yourself using any of the open source JWT token validation libraries.
  2. Use idemeum SDK that provides userClaims method to validate tokens.

In our guide we will rely on idemeum SDKs to validate tokens and extract user identity claims. In the code below we will take user claims (first name, last name, and email), and we will display these claims when the user is logged in.

      function renderUserClaims() {
        idemeum
          .userClaims()
          .then(function (userClaimsResponse) {
            //fetch user approved claims from OIDC token
            htmlStart = `<div>
                          <p align="left">You are currently logged in.</p>
                          <pre id="ipt-user-profile" align="left">User profile:<br>`;
            htmlProfile =
              "<b><h3 style='color:Tomato;'>First Name:" +
              userClaimsResponse.given_name +
              "</h3></b><br>" +
              "<b><h3 style='color:Tomato;'>Last Name:" +
              userClaimsResponse.family_name +
              "</h3></b><br>" +
              "<b><h3 style='color:Tomato;'>Email:" +
              userClaimsResponse.email;

            htmlEnd = `
                    </pre>
                    </div>
                    <button id="btn-logout" onclick="idemeum.logout();isUserLoggedIn();">Log out</button>`;
            document.getElementById("initial").innerHTML =
              htmlStart + htmlProfile + htmlEnd;
          })
          .catch(function (errorResponse) {
            // If there is an error you can process it here
          });
      }
Enter fullscreen mode Exit fullscreen mode

🎉 We are done with our simple SPA application!

You can check the full working code in CodeSandbox here.

You can check live demo of how you can authenticate users: one-click, WebAuthn, or QR-code.


At idemeum we build All-in-One Passwordless Identity Platform. We are happy to help you solve your sign up and login challenges.

Also published here.

Discussion (2)

Collapse
patarapolw profile image
Pacharapol Withayasakpunt

I have only one another requirement - authenticated API calls, with/without user credentials.

Collapse
munkey profile image
Nikolay Poturnak Author

Thank you for your time taking a look. Do you mean you have an API and you want to protect it with oAuth? Is that the use case?