A Plug for integrating Snarkey ZKP authentication into Plug-based and Phoenix applications.

Installation

def deps do
  [
    {:snarkey_plug, "~> 0.1.0"}
  ]
end

Usage

Basic setup

# In your router or pipeline
plug Snarkey.Plug,
  param_key: "proof",
  lookup: &MyApp.Accounts.get_by_blind_id/1,
  fallback_handler: {MyApp.FallbackController, :challenge}

Options

KeyDefaultDescription
:param_key"proof"Key in conn.params containing the proof map
:lookuprequiredFunction receiving blind_identifier, returns %{public_y: binary} or nil
:fallback_handlernil{Module, :function} to handle interactive fallback challenges

Prerequisites

Before the plug runs, set conn.private.blind_identifier — typically done by a preceding plug that extracts the user's blind identity from the request (e.g., from a header or cookie).

Proof format

The proof params under param_key must contain:

{
  "r": "<decimal string>",
  "s": "<decimal string>",
  "timestamp": "<decimal string>"
}

For the interactive fallback path, include "c" instead of "timestamp".

Success flow

On successful verification, conn.assigns.snarkey_auth is set to {:ok, :authenticated}.

Fallback flow

If the non-interactive proof is expired, the plug invokes the :fallback_handler with the challenge or assigns {:fallback, challenge} to conn.assigns.snarkey_auth if no handler is configured.

License

MIT