Add Twitter, Google and GitHub claim issuers

Author: nick

Diff for: .gitignore

@@ -5,6 +5,8 @@ public/vendor*.js
 public/css/app.css
 data/db
 data/ipfs
+data/OfficialIdentities.js
+NOTES
 src/contracts/deployed.js
 issuer-services/package-lock.json
 issuer-services/up.json

Diff for: index.js

@@ -17,11 +17,7 @@ app.get('/', (req, res) => {
 })
 app.use(serveStatic('public'))
 
-simpleIssuer(app, {
-  web3: new Web3(),
-  privateKey:
-    '0xdb99a8d1fab57cb1d558973d2b1785232aaca4ee5e4e2224ef4a33e429cd5e00'
-})
+simpleIssuer(app, { web3: new Web3() })
 
 const startGanache = () =>
   new Promise((resolve, reject) => {

Diff for: issuer-services/_facebook.js

@@ -3,7 +3,8 @@
 var superagent = require('superagent')
 var HTML = require('./html')
 
-module.exports = function facebook(app, { web3, facebookApp, privateKey }) {
+module.exports = function facebook(app, { web3, facebookApp, baseUrl }) {
+  const redirect_uri = `${baseUrl}/fb-auth-response`
   app.get('/fb-auth', (req, res) => {
     if (!req.query.target) {
       res.send('No target identity contract provided')
@@ -19,8 +20,8 @@ module.exports = function facebook(app, { web3, facebookApp, privateKey }) {
     req.session.state = web3.utils.randomHex(8)
 
     var query = [
-      `client_id=${facebookApp.id}`,
-      `redirect_uri=${facebookApp.redirectURI}`,
+      `client_id=${facebookApp.client_id}`,
+      `redirect_uri=${redirect_uri}`,
       `state=${req.session.state}`
     ]
     res.redirect(
@@ -47,9 +48,9 @@ module.exports = function facebook(app, { web3, facebookApp, privateKey }) {
       superagent
         .get(`https://graph.facebook.com/v2.12/oauth/access_token`)
         .query({
-          client_id: facebookApp.id,
+          client_id: facebookApp.client_id,
           client_secret: facebookApp.secret,
-          redirect_uri: facebookApp.redirectURI,
+          redirect_uri,
           code: req.query.code
         })
         .then(response => {
@@ -65,12 +66,12 @@ module.exports = function facebook(app, { web3, facebookApp, privateKey }) {
         .get(`https://graph.facebook.com/debug_token`)
         .query({
           input_token: req.userToken.access_token,
-          access_token: `${facebookApp.id}|${facebookApp.secret}`
+          access_token: `${facebookApp.client_id}|${facebookApp.secret}`
         })
         .then(response => {
           req.tokenDebug = JSON.parse(response.text).data
 
-          if (req.tokenDebug.app_id !== facebookApp.id) {
+          if (req.tokenDebug.app_id !== facebookApp.client_id) {
             return res.send("Token's App does not match")
           }
           if (!req.tokenDebug.is_valid) {
@@ -86,7 +87,7 @@ module.exports = function facebook(app, { web3, facebookApp, privateKey }) {
     async (req, res) => {
       var data = JSON.stringify({ user_id: req.tokenDebug.user_id })
 
-      req.signedData = await web3.eth.accounts.sign(data, privateKey)
+      req.signedData = await web3.eth.accounts.sign(data, facebookApp.claimSignerKey)
 
       res.send(HTML(`
         <div class="mb-2">Successfully signed claim:</div>
@@ -100,7 +101,7 @@ module.exports = function facebook(app, { web3, facebookApp, privateKey }) {
           window.done = function() {
             window.opener.postMessage('signed-data:${
               req.signedData.signature
-            }:${req.signedData.messageHash}', '*')
+            }:${req.signedData.messageHash}:3', '*')
           }
         </script>`
       ))

Diff for: issuer-services/_github.js

@@ -0,0 +1,94 @@
+// https://github.com/settings/developers
+
+var OAuth = require('oauth').OAuth2
+var HTML = require('./html')
+var superagent = require('superagent')
+
+module.exports = function facebook(app, { web3, githubApp, baseUrl }) {
+  const redirect_uri = `${baseUrl}/github-auth-response`
+
+  var githubOAuth = new OAuth(
+    githubApp.client_id,
+    githubApp.secret,
+    'https://github.com',
+    '/login/oauth/authorize',
+    '/login/oauth/access_token',
+    null
+  )
+
+  app.get('/github-auth', (req, res) => {
+    if (!req.query.target) {
+      res.send('No target identity contract provided')
+      return
+    }
+    if (!req.query.issuer) {
+      res.send('No issuer identity contract provided')
+      return
+    }
+
+    req.session.targetIdentity = req.query.target
+    req.session.issuer = req.query.issuer
+    req.session.state = web3.utils.randomHex(8)
+
+    var authURL = githubOAuth.getAuthorizeUrl({
+      redirect_uri,
+      scope: ['user'],
+      state: req.session.state
+    })
+
+    res.redirect(authURL)
+  })
+
+  app.get(
+    '/github-auth-response',
+    (req, res, next) => {
+      githubOAuth.getOAuthAccessToken(
+        req.query.code,
+        { redirect_uri },
+        function(e, access_token, refresh_token, results) {
+          if (e) {
+            next(e)
+          } else if (results.error) {
+            next(results.error)
+          } else {
+            req.access_token = access_token
+            next()
+          }
+        }
+      )
+    },
+    (req, res, next) => {
+      superagent
+        .get('https://api.github.com/user')
+        .set('Authorization', `token ${req.access_token}`)
+        .accept('json')
+        .then(response => {
+          req.githubUser = response.body
+          next()
+        })
+    },
+    async (req, res) => {
+      var data = JSON.stringify({ user_id: req.githubUser.id })
+
+      req.signedData = await web3.eth.accounts.sign(data, githubApp.claimSignerKey)
+
+      res.send(
+        HTML(`
+        <div class="mb-2">Successfully signed claim:</div>
+        <div class="mb-2"><b>Issuer:</b> ${req.session.issuer}</div>
+        <div class="mb-2"><b>Target:</b> ${req.session.targetIdentity}</div>
+        <div class="mb-2"><b>Data:</b> ${data}</div>
+        <div class="mb-2"><b>Signature:</b> ${req.signedData.signature}</div>
+        <div class="mb-2"><b>Hash:</b> ${req.signedData.messageHash}</div>
+        <div><button class="btn btn-primary" onclick="window.done()">OK</button></div>
+        <script>
+          window.done = function() {
+            window.opener.postMessage('signed-data:${
+              req.signedData.signature
+            }:${req.signedData.messageHash}:5', '*')
+          }
+        </script>`)
+      )
+    }
+  )
+}

Diff for: issuer-services/_google.js

@@ -0,0 +1,99 @@
+// https://console.developers.google.com/apis/credentials
+
+var OAuth = require('oauth').OAuth2
+var HTML = require('./html')
+var superagent = require('superagent')
+
+module.exports = function facebook(app, { web3, googleApp, baseUrl }) {
+  const redirect_uri = `${baseUrl}/google-auth-response`
+
+  var googleOAuth = new OAuth(
+    googleApp.client_id,
+    googleApp.secret,
+    'https://accounts.google.com',
+    '/o/oauth2/auth',
+    '/o/oauth2/token'
+  )
+
+  app.get('/google-auth', (req, res) => {
+    if (!req.query.target) {
+      res.send('No target identity contract provided')
+      return
+    }
+    if (!req.query.issuer) {
+      res.send('No issuer identity contract provided')
+      return
+    }
+
+    req.session.targetIdentity = req.query.target
+    req.session.issuer = req.query.issuer
+    req.session.state = web3.utils.randomHex(8)
+
+    var authURL = googleOAuth.getAuthorizeUrl({
+      redirect_uri,
+      scope: 'https://www.googleapis.com/auth/userinfo.profile',
+      state: req.session.state,
+      response_type: 'code'
+    })
+
+    res.redirect(authURL)
+  })
+
+  app.get(
+    '/google-auth-response',
+    (req, res, next) => {
+      googleOAuth.getOAuthAccessToken(
+        req.query.code,
+        {
+          redirect_uri,
+          grant_type: 'authorization_code'
+        },
+        function(e, access_token, refresh_token, results) {
+          if (e) {
+            next(e)
+          } else if (results.error) {
+            next(results.error)
+          } else {
+            req.access_token = access_token
+            next()
+          }
+        }
+      )
+    },
+    (req, res, next) => {
+      superagent
+        .get('https://www.googleapis.com/oauth2/v1/userinfo')
+        .query({
+          alt: 'json',
+          access_token: req.access_token
+        })
+        .then(response => {
+          req.googleUser = response.body
+          next()
+        })
+    },
+    async (req, res) => {
+      var data = JSON.stringify({ user_id: req.googleUser.id })
+
+      req.signedData = await web3.eth.accounts.sign(data, googleApp.claimSignerKey)
+
+      res.send(
+        HTML(`
+        <div class="mb-2">Successfully signed claim:</div>
+        <div class="mb-2"><b>Issuer:</b> ${req.session.issuer}</div>
+        <div class="mb-2"><b>Target:</b> ${req.session.targetIdentity}</div>
+        <div class="mb-2"><b>Data:</b> ${data}</div>
+        <div class="mb-2"><b>Signature:</b> ${req.signedData.signature}</div>
+        <div class="mb-2"><b>Hash:</b> ${req.signedData.messageHash}</div>
+        <div><button class="btn btn-primary" onclick="window.done()">OK</button></div>
+        <script>
+          window.done = function() {
+            window.opener.postMessage('signed-data:${
+              req.signedData.signature
+            }:${req.signedData.messageHash}:6', '*')
+          }
+        </script>`)
+      )
+    }
+  )
+}

Diff for: issuer-services/_simple.js

@@ -1,6 +1,6 @@
 var HTML = require('./html')
 
-module.exports = function dummyService(app, { web3, privateKey }) {
+module.exports = function dummyService(app, { web3, simpleApp }) {
 
   app.get('/simple-auth', async (req, res) => {
     var issuer = req.query.issuer,
@@ -14,13 +14,13 @@ module.exports = function dummyService(app, { web3, privateKey }) {
       res.send(HTML('No issuer identity contract provided'))
       return
     }
-    if (!privateKey) {
+    if (!simpleApp.claimSignerKey) {
       res.send(HTML('No private key specified.'))
       return
     }
 
     var data = 'Identity Verified OK!'
-    var signedData = await web3.eth.accounts.sign(data, privateKey)
+    var signedData = await web3.eth.accounts.sign(data, simpleApp.claimSignerKey)
 
     res.send(
       HTML(