This repository was archived by the owner on Jan 8, 2026. It is now read-only.
ODHack: Implement Social Login(OAuth Authentication) #162
Description
Please add PRs to the update-P21 branch
Description:
Add OAuth authentication to the Soroban Example Dapp to allow users to log in using their social media accounts.
Tasks:
- Set Up OAuth Providers:
- Configure OAuth providers (e.g., Google, Facebook).
- Obtain necessary API keys and credentials.
- Implement Frontend Login Flow:
- Create a login button for each OAuth provider.
- Redirect users to the provider's authentication page.
- Handle the OAuth callback and retrieve user information.
- Integrate OAuth Authentication on Backend:
- Implement backend endpoints to handle OAuth authentication.
- Validate and store OAuth tokens securely.
- Create or update user records based on OAuth data.
- Ensure Secure Handling of OAuth Tokens:
- Implement best practices for storing and managing OAuth tokens.
- Ensure secure transmission of tokens between frontend and backend.
Create and Store a Key Pair After Signing in with OAuth
Account Creation
-
Generate Key Pair:
- After the user signs in using OAuth, generate a public and private key pair.
- Use a secure method to generate these keys, ensuring they are unique and sufficiently random.
-
Display Key Pair:
- Display the generated public and secret keypair to the user.
- Provide an option for the user to regenerate the keypair if they prefer.
-
Encrypt and Store Secret Key:
- Prompt the user to enter a pincode to encrypt their secret key.
- Use a strong encryption algorithm (e.g., AES) to encrypt the secret key before storing it in the browser’s localStorage.
User Experience
-
Secure Key Management:
- Inform the user that their encrypted secret key will only be stored locally in their browser.
- Emphasize that the key will not be shared with any server or third parties.
-
Confirm Pincode:
- When the user submits their pincode, confirm it by encrypting a sample data and verifying it can be decrypted correctly.
Code Implementation: Key Pair Management
-
Svelte Store for Key Pair:
- Create a Svelte store to handle the user's keypair.
- Use the js-stellar-wallets SDK to manage key encryption and decryption.
-
Store Key Pair:
import { persisted } from "svelte-local-storage-store"; import { KeyManager, KeyManagerPlugins, KeyType } from "@stellar/wallet-sdk"; import { error } from "@sveltejs/kit"; import { get } from "svelte/store"; function createWalletStore() { const { subscribe, set } = persisted("walletStore", { keyId: "", publicKey: "", }); return { subscribe, register: async ({ publicKey, secretKey, pincode }) => { try { const keyManager = setupKeyManager(); let keyMetadata = await keyManager.storeKey({ key: { type: KeyType.plaintextKey, publicKey: publicKey, privateKey: secretKey, }, password: pincode, encrypterName: KeyManagerPlugins.ScryptEncrypter.name, }); set({ keyId: keyMetadata.id, publicKey: publicKey, devInfo: { secretKey: secretKey, }, }); } catch (err) { console.error("Error saving key", err); throw error(400, { message: err.toString() }); } }, confirmCorrectPincode: async ({ pincode, firstPincode = "", signup = false }) => { if (!signup) { try { const keyManager = setupKeyManager(); let { keyId } = get(walletStore); await keyManager.loadKey(keyId, pincode); } catch (err) { throw error(400, { message: "Invalid pincode" }); } } else { if (pincode !== firstPincode) { throw error(400, { message: "Pincode mismatch" }); } } }, sign: async ({ transactionXDR, network, pincode }) => { try { const keyManager = setupKeyManager(); let signedTransaction = await keyManager.signTransaction({ transaction: TransactionBuilder.fromXDR(transactionXDR, network), id: get(walletStore).keyId, password: pincode, }); return signedTransaction; } catch (err) { console.error("Error signing transaction", err); throw error(400, { message: err.toString() }); } }, }; } export const walletStore = createWalletStore(); const setupKeyManager = () => { const localKeyStore = new KeyManagerPlugins.LocalStorageKeyStore(); localKeyStore.configure({ prefix: "walletApp", storage: localStorage, }); const keyManager = new KeyManager({ keyStore: localKeyStore, }); keyManager.registerEncrypter(KeyManagerPlugins.ScryptEncrypter); return keyManager; };
Creating the Account on the Stellar Network
Fund Account
- Fund with Friendbot (Testnet):
- Use Friendbot to fund the new account with Testnet XLM for testing purposes.
import { server } from "./stellarServer"; export async function fundWithFriendbot(publicKey) { console.log(`Requesting Friendbot funding for ${publicKey}`); await server.friendbot(publicKey).call(); }
Using the Wallet Store
- Pincode Confirmation:
- Use the wallet store throughout the application to handle user pincode confirmation and transaction signing.
- Integrate the wallet store with UI elements like confirmation modals.
Expected Outcome:
- Users can log in using their social media accounts.
- Secure and seamless OAuth authentication flow.
- Properly stored and managed OAuth tokens.
Why This Is Important:
OAuth authentication provides a convenient and secure login method for users, enhancing user experience and potentially increasing user engagement.