ClickCease

How to Implement PushAuth™: Web Server

Welcome back to the Power of PushAuth™ blog series! The first post provided a comprehensive guide to push authentication—check it out here if you missed it. The next three posts are tutorials offering an end-to-end implementation of PushAuth™ in a simple user login flow and will be broken down as follows:

  1. Web Server tutorial (this post)
  2. iOS Mobile App tutorial
  3. Android Mobile App tutorial

The first tutorial (this post) covers a Ruby on Rails backend that provides a basic user login authentication flow with PushAuth integrated. The second and third tutorials will be instructions on how to run sample iOS and Android apps, respectively. These will be the apps that receive and respond to push notifications initiated by the login process.

By the end of these three tutorials, you will have a website where a registered user can log in with their username and password, receive a push notification on their phone, accept the login request via the push notification, and subsequently be logged in on the website. This flow is shown in the video below.

This is a very simplified version of a real-world application and login flow. You might remember some of the security issues that can be present with push authentication from the previous post, such as trusted device registration, fallback resources, or access revocation. This tutorial does not include solutions for those or user sign-up. Future posts in the series will provide extensions of this simple flow to tackle some of those issues.

Alright, let’s get started!

Setup

To follow this tutorial, you will need:

Step 1: UnifyID Account, Project, and Keys

A UnifyID project will grant you access to UnifyID’s services. In order to create a project, you’ll need to first create a UnifyID account. Once you have an account and project, go to the Developer Dashboard to create an API key and SDK key. Make sure to copy the API key value somewhere safe—you won’t be able to access it later.

This tutorial uses PushAuth project as the UnifyID project name. You can see the configured API and SDK keys on the dashboard view above.

Step 2: Cloning the Project and Installing Dependencies

The pushauth-sample-server GitHub repository contains the code for this project. Clone the repository, navigate into it, install the project dependencies that are listed in the Gemfile, and ensure your Yarn packages are up-to-date:

Feel free to poke around the code if you’d like to get a better understanding of what’s going on under the hood. This tutorial won’t go into those details, but a future post in this series will.

Step 3: DB Setup and Running the Server

Now, initialize the database:

Once the database has been initialized you can create users. To create a user, do the following (replacing <your_username> and <your_password> with the values you intend to use for username and password):

Step 4: Server API Key Storage

This step requires the server API key value you copied in Step 1.

The above command will open the credentials file in vim. You can replace vim with the name of whichever executable you are most comfortable with (atom, sublime, etc.). This will decrypt and open the credentials file for editing, at which point you should add the following entry:

After saving and closing, the credentials file will be re-encrypted, and your server API key value will be stored.

Step 5: Running the Server

Now you are able to run the server:

Finally, connect to the server by opening http://localhost:3000/ in your browser. This will bring you to the landing page, where you can then navigate to the login page and enter your username and password from above in Step 3:

This brings you to the end of the web server tutorial. After entering the username and password on the login page, you can see that the server is polling for the push notification response before allowing or denying access to the website. Without a way to receive or respond to push notifications, you cannot successfully log in. Stay tuned for the next couple posts of this tutorial installment to complete the flow:

Thanks for following along! Please reach out to us if you have any questions, comments, or suggestions, and feel free to share this post.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.


Tags:
Banking

Keep reading

See all blogs
Be Part of the Future of Fraud and Digital Identity at Prove’s improve 2024 Featuring Fraud Fight Club

Prove is hosting a digital identity summit – improve 2024 – with the help of Fraud Fight Club, in Charlotte, NC, on Thursday, April 25, 2024 - an exclusive gathering of top minds in fraud, risk, and identity.

Kelley Vallone
March 18, 2024
What Steph Curry Can Teach Us About B2B Onboarding

Just as every system needs a catalyst, Curry provides that for the Warriors. Identity verification is the catalyst for your B2B onboarding.

Kelley Vallone
March 13, 2024
Prove’s Tom Hill Provides Critical Identity Verification Considerations for Online Gambling Companies

Prove’s Tom Hill explains why creating an easy-to-use and engaging user experience will be critical for gaming organizations to rapidly onboard new customers.

Kaushal Ls
March 11, 2024