Obtaining Current User's Public Key in Apps

#1

I’ve had this asked a couple times, so I figured I’d write this up.

After authentication, if an application wishes to figure out the current user’s identity public key or address (non-app-specific), there’s a couple of ways to go about this.

If the user has a username – the API call /v1/names/foo.id will give you this info:

$ curl -s 'https://core.blockstack.org/v1/names/blankstein.id' | jq .
{
  "address": "15GAGiT2j2F1EzZrvjk3B8vBCfwVEzQaZx",
  "blockchain": "bitcoin",
  "expire_block": 594441,
  "last_txid": "2bcb8308165e319adc3a7eb894c2bb874f3c7c37984f3433be1a20a9ff01a227",
  "status": "registered",
  "zonefile": "$ORIGIN blankstein.id\n$TTL 3600\n_http._tcp URI 10 1 \"https://gaia.blockstack.org/hub/15GAGiT2j2F1EzZrvjk3B8vBCfwVEzQaZx/0/profile.json\"\n",
  "zonefile_hash": "f73d5a4ce030f76618dec839404fd1b793c5f015"
}

As you can see, I get a bitcoin address for the user. But can I find a public key for that address? And can I get it for user’s without usernames?

Yes

Obtaining current user’s public key from the authentication response

The application gets an authentication response object when a user logs in. This auth response object is a JSON web token (JWT), which is signed by the user’s public key. That public key is stored in the JWT’s payload “public_keys” field. This authentication response object is stored in the userData object.

All of this can be used to obtain a user’s ECDSA public key and identity address:

var authResponseToken = blockstack.loadUserData().authResponseToken
var decodedToken = blockstack.decodeToken(authResponseToken)

var publicKey = decodedToken.payload.public_keys[0]

console.log(publicKey)
// 02a96bf05c05be19355d05366b81a552082be41ab3608710ab5cad798532d6345a

console.log(blockstack.publicKeyToAddress(publicKey))
// 15GAGiT2j2F1EzZrvjk3B8vBCfwVEzQaZx

A lot of this information will also be available in @larry’s forthcoming documentation on Blockstack’s authentication protocol.

8 Likes
Getting and verifying identity of a user
#2

Worked like a charm!

BTW, is it possible to derive the user’s Bitcoin xpub key?

Did see this pop up in console, FYI: index_bundle.js:28528 DEPRECATION WARNING: The static loadUserData() function will be deprecated in the next major release of blockstack.js. Create an instance of UserSession and call the instance method loadUserData().

#3

Does this answer your question?