Vue with TozID
Introduction
In this guide we'll show you how use both TozID and TozStore to securely authenticate and store data using end to end encryption in a Vue based application. We'll keep things simple and use the Vue CLI to bootstrap our application and only use the Tozny SDK as our other dependency. Once we're done this application will let you do the following:
1. Secure login with zero knowledge authentication powered by TozID
2. End to end encrypted reads and writes using TozStore
This tutorial assumes you have some basic knowledge of Vue but we'll walk through all of the steps. As always the complete source code is linked below.
Project Initialization
We'll assume you're using Node 12 (but we've tested this back to Node 8 without issue). Please be sure you have the Vue CLI tools installed. If you don't just run this command from your terminal.
1
npm install -g @vue/cli
2
# OR
3
yarn global add @vue/cli
Copied!
Now lets create our actual project. Vue CLI walks us through that process when we initialize a new project. Here are the configuration steps we've chosen:
1
vue create tozny-vue-auth-example
Copied!
Selecting presets from the CLI
We'll use Vuex, Vue Router, and Babel.
The remaining configurations are left as the defaults, using history router and dedicated config files. Once that process has finished, we're ready to start coding. You can start your blank project by issuing the following commands:
1
cd tozny-vue-auth-example //or whatever you named the project
2
npm run serve
Copied!
If successful you should get the standard Vue initialization app that looks like the image below.
If you're seeing the webpage above when you navigate to the URL indicated in your terminal then we're in the right spot. Let's get our Tozny account configured and we'll be ready to code.
Setting Up Tozny
Setting up your Tozny account is straight forward. We'll need to complete two steps, creating an account and creating a realm. Both are free - get started by heading over to the Tozny Dashboard and either logging in or registering an account.
Be sure to use an email address you have access to. You need to verify your email before writes to the platform are enabled.
A Realm defines where your users authenticate against. Once you create a realm you can then create your applications that users can authenticate against - in this tutorial we're using the Javascript SDK to authenticate against a realm. Realm names must be unique.
We need to complete a few things in our Tozny account:
- Create a realm in TozID
- Create an client application in the realm
- Set the application to allow * for web origins
Creating your TozID Realm
Click Manage Realm to access the below screens
Creating a Client Application in your Realm
Required Settings for You Application
Remember to set the redirect URI and web origins allowed and your redirect to localhost
Authentication with TozID
Authentication in TozID happens a little differently than most authentication providers. We use cryptographic operations to derive keys from a username and password and issue signed requests to our Identity platform. If the request is successful we return encrypted data which contains your keys and your derived keys are then used to decrypt those encryption keys. We know, that sounds confusing, but it's all handled automatically by our SDK.
Check out your network requests, your plain text passwords never leave your browser. We think that's pretty awesome. Tozny never stores them because we never see them.
Using our SDK you'll issue a standard looking login request and get back two important pieces of data. A tozStore credentials object and a standard JWT. You can use the JWT for authentication against any tranditional API backend - such as Laravel, Express, etc.
1
import Tozny from 'tozny-browser-sodium-sdk'
2
const realmName = process.env.VUE_APP_REALM_NAME;
3
const appName = process.env.VUE_APP_APP_NAME;
4
const brokerUrl = process.env.VUE_APP_BROKER_URL;
5
const registrationToken = process.env.VUE_APP_REGISTRATION_TOKEN;
6
​
7
const realmConfig = {
8
"realmName": realmName,
9
"appName": appName,
10
"brokerTargetUrl" : brokerUrl
11
}
12
const tozIDConfig = Tozny.Identity.Config.fromObject(realmConfig)
13
const tozId = new Tozny.Identity(tozIDConfig)
Copied!
Application Tutorial
Application Scaffolding
Lets dive into the main coding exercise needed to make our application work. Since we used Vue CLI much of the boilerplate is already written and we can focus on the components we need to write. First off we'll need to install the JS Tozny SDK. Do that by going into your project directory and running the installation command.
1
npm install [email protected]
Copied!
We'll also create a few files to let users navigate our note taking app. The main files will be:
1. Login Page
2. Registration Page
3. Notes Dashboard (Authenticated)
4. Password Recovery Page
5. Router, store, and auth components as detailed below.
The end result of our project tree should resemble this:
Ending project directory structure
Environment Variables
Create a file named .env.local at your base directory which contains the following entries.
- 1.Registration Token
- 2.Realm Name
- 3.Client Application Name
- 4.Broker URL (where to be sent to complete a password recovery)
1
VUE_APP_REALM_NAME=
2
VUE_APP_APP_NAME=
3
VUE_APP_BROKER_URL=http://localhost:8080/reset
4
VUE_APP_REGISTRATION_TOKEN=
Copied!
Registration
Register.vue
vuex.js
1
<template>
2
<div>
3
<h2>Register</h2>
4
<form @submit.prevent="submitRegister" autocomplete="off">
5
<label>
6
Email
7
<input v-model="email">
8
</label>
9
<br>
10
<label>
11
Password
12
<input v-model="pass" type="password">
13
</label><br>
14
<button type="submit">Register</button>
15
<p v-if="error" class="error">Bad registration information or password.</p>
16
</form>
17
</div>
18
</template>
19
​
20
<script>
21
import { mapActions, mapGetters } from "vuex";
22
export default {
23
data () {
24
return {
25
email: '',
26
pass: '',
27
error: false
28
}
29
},
30
computed: {
31
...mapGetters([
32
'loggedIn',
33
])
34
},
35
methods: {
36
...mapActions(['register']),
37
async submitRegister () {
38
this.error = false;
39
if(!this.email || !this.pass){
40
this.error = true;
41
return;
42
}
43
try{
44
await this.register({email: this.email, pass: this.pass})
45
this.error = false;
46
this.$router.replace(this.$route.query.redirect || '/dashboard')
47
}catch(err){
48
this.error = true;
49
}
50
​
51
}
52
}
53
}
54
</script>
55
​
56
<style>
57
.error {
58
color: red;
59
}
60
</style>
Copied!
1
// We've removed all of the unused methods from the registration
2
// flow here just to make it easier to follow. The entire
3
// vuex store file is available in the Github repo that
4
// is linked below.
5
​
6
export default new Vuex.Store({
7
state: {
8
toznyClient: false,
9
name: ''
10
},
11
mutations: {
12
SET_TOZNY_CLIENT(state, payload){
13
state.toznyClient = payload
14
},
15
SET_NAME(state, token) {
16
const base64Url = token.split('.')[1]
17
const base64 = base64Url.replace('-', '+').replace('_', '/')
18
const claims = JSON.parse(window.atob(base64))
19
state.name = claims['preferred_username'];
20
},
21
},
22
actions: {
23
async register({commit}, payload){
24
try{
25
const res = await tozId.register(payload.email, payload.pass, registrationToken, payload.email)
26
localStorage.setItem('toznyClient',JSON.stringify(res.serialize()))
27
commit('SET_TOZNY_CLIENT', res)
28
const token = await res.token()
29
commit('SET_NAME', token)
30
​
31
}catch(err){
32
return err;
33
}
34
},
35
},
36
getters: {
37
loggedIn: state => !!state.toznyClient
38
}
39
})
Copied!
Login
Login.vue
vuex.js
1
<template>
2
<div>
3
<h2>Login</h2>
4
<p v-if="$route.query.redirect">
5
You need to login first.
6
</p>
7
<form @submit.prevent="submitLogin" autocomplete="off">
8
<label>
9
Email
10
<input v-model="email" >
11
</label>
12
<br>
13
<label>
14
Password
15
<input v-model="pass" type="password">
16
</label>
17
<br>
18
<button type="submit">login</button>
19
<p v-if="error" class="error">Bad login information</p>
20
</form>
21
<button @click="resetPw">Forgot Password</button>
22
<p>{{message}}</p>
23
</div>
24
</template>
25
​
26
<script>
27
import { mapActions, mapGetters } from "vuex";
28
export default {
29
data () {
30
return {
31
email: '',
32
pass: '',
33
error: false,
34
message: ""
35
}
36
},
37
computed: {
38
...mapGetters([
39
'loggedIn',
40
])
41
},
42
methods: {
43
...mapActions(['login','requestReset']),
44
async submitLogin () {
45
try{
46
await this.login({email: this.email, pass: this.pass})
47
this.error = false;
48
this.$router.replace(this.$route.query.redirect || '/dashboard')
49
}catch(err){
50
this.error = true;
51
}
52
},
53
async resetPw(){
54
this.message = "";
55
try{
56
await this.requestReset({email:this.email});
57
this.message = "Please check your email";
58
}catch(err){
59
60
}
61
}
62
}
63
}
64
</script>
65
​
66
<style>
67
.error {
68
color: red;
69
}
70
</style>
Copied!
1
// We've removed all of the unused methods from the registration
2
// flow here just to make it easier to follow. The entire
3
// vuex store file is available in the Github repo that
4
// is linked below.
5
​
6
export default new Vuex.Store({
7
state: {
8
toznyClient: false,
9
name: ''
10
},
11
mutations: {
12
SET_TOZNY_CLIENT(state, payload){
13
state.toznyClient = payload
14
},
15
SET_NAME(state, token) {
16
const base64Url = token.split('.')[1]
17
const base64 = base64Url.replace('-', '+').replace('_', '/')
18
const claims = JSON.parse(window.atob(base64))
19
state.name = claims['preferred_username'];
20
},
21
},
22
actions: {
23
async login({commit}, payload){
24
try{
25
const res = await tozId.login(payload.email, payload.pass)
26
localStorage.setItem('toznyClient',JSON.stringify(res.serialize()))
27
commit('SET_TOZNY_CLIENT', res)
28
const token = await res.token()
29
commit('SET_NAME', token)
30
}catch(err){
31
console.log("Bad password")
32
return err;
33
}
34
},
35
},
36
getters: {
37
loggedIn: state => !!state.toznyClient
38
}
39
})
Copied!
Forgot Password
Note that in order to use password recovery managed by Tozny you must grant us access to act as a broker and deliver the password reset email. If you'd like to manage this yourself just toggle the setting to off in the Dashboard. When you have this setting off Tozny is cryptographically isolated from your data and cannot recover or release your data.
request reset vuex.js
ResetPassword.vue
complete reset vuex.js
1
// We've removed all of the unused methods from the registration
2
// flow here just to make it easier to follow. The entire
3
// vuex store file is available in the Github repo that
4
// is linked below.
5
​
6
export default new Vuex.Store({
7
​
8
actions: {
9
​
10
async requestReset({commit}, payload){
11
try{
12
​
13
// Requesting a reset from the TozID service and since
14
// our realm is configured to let TozID broker the
15
// reset our email will be delivered by Tozny
16
​
17
// (if you toggle OFF the setting in your realm settings then this will fail)
18
​
19
const res = await tozId.initiateRecovery(payload.email)
20
}catch(err){
21
return err;
22
}
23
},
24
​
25
26
},
27
getters: {
28
loggedIn: state => !!state.toznyClient
29
}
30
})
Copied!
1
<template>
2
<div>
3
<h2>Reset Password</h2>
4
<form @submit.prevent="submitReset" autocomplete="off" v-if="!error">
5
<label>
6
New Password
7
<input v-model="pass" type="password">
8
</label>
9
<br>
10
<button type="submit">Reset Password</button>
11
</form>
12
<p v-if="error" class="error">Unable to verify the reset link.</p>
13
14
</div>
15
</template>
16
​
17
<script>
18
import { mapActions, mapGetters } from "vuex";
19
export default {
20
data () {
21
return {
22
email: '',
23
pass: '',
24
error: false,
25
email_otp: '',
26
note_id: ''
27
}
28
},
29
computed: {
30
31
},
32
mounted(){
33
this.error = false;
34
if(this.$route.query.email_otp && this.$route.query.note_id){
35
this.email_otp = this.$route.query.email_otp;
36
this.note_id = this.$route.query.note_id;
37
}else{
38
this.error = true;
39
}
40
},
41
methods: {
42
...mapActions(['completeRecovery']),
43
async submitReset () {
44
try{
45
await this.completeRecovery({otp: this.email_otp, noteId: this.note_id, pass: this.pass})
46
this.error = false;
47
this.$router.replace('/login')
48
}catch(err){
49
this.error = true;
50
}
51
}
52
}
53
}
54
</script>
55
​
56
<style>
57
.error {
58
color: red;
59
}
60
</style>
Copied!
1
// We've removed all of the unused methods from the registration
2
// flow here just to make it easier to follow. The entire
3
// vuex store file is available in the Github repo that
4
// is linked below.
5
​
6
export default new Vuex.Store({
7
8
actions: {
9
10
async completeRecovery({commit}, payload){
11
try{
12
// First we verify the query parameters from the recovery link
13
// and pass them to the complete recovery method and then
14
// the next function performs the password change
15
const res = await tozId.completeRecovery(payload.otp, payload.noteId)
16
await res.changePassword(payload.pass)
17
return;
18
}catch(err){
19
return err;
20
}
21
},
22
},
23
getters: {
24
loggedIn: state => !!state.toznyClient
25
}
26
})
Copied!
App.vue
1
<template>
2
<div id="app">
3
<h1>Auth Flow</h1>
4
<ul>
5
<li>
6
<router-link v-if="loggedIn" to="/logout">Log out</router-link>
7
<router-link v-if="!loggedIn" to="/login">Log in</router-link>
8
</li>
9
<li v-if="!loggedIn">
10
<router-link v-if="!loggedIn" to="/register">Register</router-link>
11
</li>
12
<li>
13
<router-link to="/dashboard">Dashboard</router-link>
14
(authenticated)
15
</li>
16
</ul>
17
<template v-if="$route.matched.length">
18
<router-view></router-view>
19
</template>
20
<template v-else>
21
<p>You are logged {{ loggedIn ? 'in' : 'out' }}</p>
22
</template>
23
</div>
24
</template>
25
​
26
<script>
27
import { mapState, mapGetters } from "vuex";
28
export default {
29
data () {
30
return {
31
32
}
33
},
34
computed: {
35
...mapGetters([
36
'loggedIn',
37
])
38
},
39
}
40
</script>
41
<style>
42
html, body {
43
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
44
color: #2c3e50;
45
}
46
​
47
#app {
48
padding: 0 20px;
49
}
50
​
51
ul {
52
line-height: 1.5em;
53
padding-left: 1.5em;
54
}
55
​
56
a {
57
color: #7f8c8d;
58
text-decoration: none;
59
}
60
​
61
a:hover {
62
color: #4fc08d;
63
}
64
</style>
Copied!
Dashboard.vue
Here is where we're actually reading and writing encrypted data from Tozny. One of the key benefits of Tozny's platform is that Tozny never has access to key material so there is no ability to leak decrypted data - all of the encryption and decryption operations happen client side (in your browser in this case).
Dashboard.vue
1
<template>
2
<div>
3
<h2>Dashboard</h2>
4
<p>You're logged in {{name}}!</p>
5
​
6
<h3 v-if="notes.length > 0">Your Notes</h3>
7
<ul>
8
<li v-for="item in notes" :key="item.meta.recordId">
9
{{item.data.note}}
10
</li>
11
</ul>
12
<h3>Write New Secret Note</h3>
13
<div class="note-area">
14
<textarea v-model="note" />
15
<button @click="writeNote">Write Note</button>
16
</div>
17
<div>
18
<button @click="showToken">Show JWT</button>
19
<div>{{token}}</div>
20
</div>
21
</div>
22
</template>
23
<script>
24
import auth from '../auth'
25
import { mapState } from "vuex";
26
export default {
27
data () {
28
return {
29
notes: [],
30
loading: false,
31
token: "",
32
note: ""
33
}
34
},
35
computed: {
36
...mapState(["toznyClient", "name"])
37
},
38
mounted(){
39
40
this.getNotes();
41
42
},
43
methods: {
44
async getNotes(){
45
let records = await this.toznyClient.storageClient.query(true, null, null, 'note').next();
46
this.notes = records;
47
},
48
async writeNote(){
49
await this.toznyClient.storageClient.write('note', {'note': this.note});
50
this.getNotes();
51
},
52
async showToken(){
53
const token = await auth.getToken();
54
this.token = token;
55
}
56
}
57
}
58
</script>
59
<style scoped>
60
.note-area{
61
width: 400px;
62
display: flex;
63
flex-direction: column;
64
}
65
​
66
</style>
Copied!
​
Vuex Store
store/index.js
1
import Vue from 'vue'
2
import Vuex from 'vuex'
3
import Tozny from 'tozny-browser-sodium-sdk'
4
const realmName = process.env.VUE_APP_REALM_NAME;
5
const appName = process.env.VUE_APP_APP_NAME;
6
const brokerUrl = process.env.VUE_APP_BROKER_URL;
7
const registrationToken = process.env.VUE_APP_REGISTRATION_TOKEN;
8
​
9
const realmConfig = {
10
"realmName": realmName,
11
"appName": appName,
12
"brokerTargetUrl" : brokerUrl
13
}
14
const tozIDConfig = Tozny.Identity.Config.fromObject(realmConfig)
15
const tozId = new Tozny.Identity(tozIDConfig)
16
​
17
Vue.use(Vuex)
18
​
19
export default new Vuex.Store({
20
state: {
21
toznyClient: false,
22
name: ''
23
​
24
},
25
mutations: {
26
SET_TOZNY_CLIENT(state, payload){
27
state.toznyClient = payload
28
},
29
SET_NAME(state, token) {
30
const base64Url = token.split('.')[1]
31
const base64 = base64Url.replace('-', '+').replace('_', '/')
32
const claims = JSON.parse(window.atob(base64))
33
state.name = claims['preferred_username'];
34
},
35
LOGOUT(state){
36
delete localStorage.clear();
37
}
38
39
},
40
actions: {
41
async setToznyClient({commit}, payload){
42
commit('SET_TOZNY_CLIENT', payload)
43
44
},
45
logout({commit}){
46
commit('LOGOUT')
47
},
48
async rehydrateTozny({commit}){
49
​
50
const client = tozId.fromObject(localStorage.getItem('toznyClient'))
51
commit('SET_TOZNY_CLIENT', client)
52
const token = await client.token()
53
commit('SET_NAME', token)
54
},
55
async login({commit}, payload){
56
try{
57
const res = await tozId.login(payload.email, payload.pass)
58
localStorage.setItem('toznyClient',JSON.stringify(res.serialize()))
59
commit('SET_TOZNY_CLIENT', res)
60
const token = await res.token()
61
commit('SET_NAME', token)
62
63
​
64
}catch(err){
65
console.log("Bad password")
66
return err;
67
}
68
},
69
async requestReset({commit}, payload){
70
try{
71
​
72
// Requesting a reset from the TozID service and since
73
// our realm is configured to let TozID broker the
74
// reset our email will be delivered by Tozny
75
​
76
// (if you toggle OFF the setting in your realm settings then this will fail)
77
​
78
const res = await tozId.initiateRecovery(payload.email)
79
}catch(err){
80
return err;
81
}
82
},
83
async completeRecovery({commit}, payload){
84
try{
85
// First we verify the query parameters from the recovery link
86
// and pass them to the complete recovery method and then
87
// the next function performs the password change
88
const res = await tozId.completeRecovery(payload.otp, payload.noteId)
89
await res.changePassword(payload.pass)
90
return;
91
}catch(err){
92
return err;
93
}
94
},
95
async register({commit}, payload){
96
try{
97
const res = await tozId.register(payload.email, payload.pass, registrationToken, payload.email)
98
localStorage.setItem('toznyClient',JSON.stringify(res.serialize()))
99
commit('SET_TOZNY_CLIENT', res)
100
const token = await res.token()
101
commit('SET_NAME', token)
102
​
103
}catch(err){
104
return err;
105
}
106
},
107
108
},
109
getters: {
110
loggedIn: state => !!state.toznyClient
111
}
112
})
113
​
Copied!
Vue Router
router/index.js
1
import Vue from 'vue'
2
import Router from 'vue-router'
3
import Dashboard from '@/components/Dashboard.vue'
4
import Login from '@/components/Login.vue'
5
import ResetPassword from '@/components/ResetPassword.vue'
6
import Register from '@/components/Register.vue'
7
import store from '../store'
8
import auth from '../auth'
9
​
10
Vue.use(Router)
11
​
12
export default new Router({
13
mode: 'history',
14
base: __dirname,
15
routes: [
16
{ path: '/dashboard', component: Dashboard, beforeEnter: requireAuth },
17
{ path: '/login', component: Login, beforeEnter: authRedirect },
18
{ path: '/reset', component: ResetPassword },
19
{ path: '/register', component: Register, beforeEnter: authRedirect },
20
{ path: '/logout',
21
beforeEnter (to, from, next) {
22
store.dispatch("logout").then(
23
location.reload()
24
)
25
26
}
27
}
28
]
29
})
30
​
31
// If a user attempts to access login or register let's check if they are
32
// already authenticated and properly route them back to the dashboard
33
​
34
async function authRedirect (to, from, next) {
35
if(!store.state.toznyClient && localStorage.getItem('toznyClient')){
36
await store.dispatch('rehydrateTozny')
37
}
38
39
if (!store.state.toznyClient) {
40
next()
41
} else {
42
next({
43
path: '/dashboard'
44
})
45
}
46
}
47
​
48
// Before we allow access to protected routes the application should
49
// validate that the user is properly authenticated use our vuex
50
// getter that is defined in the store
51
​
52
async function requireAuth (to, from, next) {
53
if(!store.state.toznyClient && localStorage.getItem('toznyClient')){
54
await store.dispatch('rehydrateTozny')
55
}
56
57
if (!store.state.toznyClient) {
58
next({
59
path: '/login',
60
query: { redirect: to.fullPath }
61
})
62
} else {
63
next()
64
}
65
}
Copied!
TozID Auth
auth.js
1
// This auth file is intentionally kept simple and designed to only
2
// return a standard JWT on demand. The hydration from from
3
// local storage is done in our vuex store as an action
4
​
5
import store from './store'
6
​
7
export default {
8
​
9
async getToken () {
10
// Call this to get a token to set as a global bearer token when calling your own API
11
// Tozny will handle automatically refreshing this token for you if needed
12
​
13
try{
14
const token = await store.state.toznyClient.token()
15
return token;
16
}catch(err){
17
console.log("Unable to get token")
18
return false;
19
}
20
},
21
}
Copied!
Wrapping Up
Putting all of this together should result in you being able to login, register, and read and write notes that only your user can decrypt! If you run into any questions just shoot us an email at [email protected] and we'll be happy to help.
Grab the full source code for this project on our github - https://github.com/tozny/tozny-vue-auth-example​
Last modified 11d ago