A Plug for integrating Snarkey ZKP authentication into Plug-based and Phoenix applications.
Installation
def deps do
[
{:snarkey_plug, "~> 0.1.0"}
]
endUsage
Basic setup
# In your router or pipeline
plug Snarkey.Plug,
param_key: "proof",
lookup: &MyApp.Accounts.get_by_blind_id/1,
fallback_handler: {MyApp.FallbackController, :challenge}Options
| Key | Default | Description |
|---|---|---|
:param_key | "proof" | Key in conn.params containing the proof map |
:lookup | required | Function receiving blind_identifier, returns %{public_y: binary} or nil |
:fallback_handler | nil | {Module, :function} to handle interactive fallback challenges |
Prerequisites
Before the plug runs, set conn.private.blind_identifier — typically done by a preceding plug that extracts the user's blind identity from the request (e.g., from a header or cookie).
Proof format
The proof params under param_key must contain:
{
"r": "<decimal string>",
"s": "<decimal string>",
"timestamp": "<decimal string>"
}For the interactive fallback path, include "c" instead of "timestamp".
Success flow
On successful verification, conn.assigns.snarkey_auth is set to {:ok, :authenticated}.
Fallback flow
If the non-interactive proof is expired, the plug invokes the :fallback_handler with the challenge or assigns {:fallback, challenge} to conn.assigns.snarkey_auth if no handler is configured.
License
MIT