Support for UserSession in node environment

#1

I’ve seen a few issues posted about using blockstack.js in node environments, specifically creating user sessions, but it wasn’t clear what the status of this type of functionality is. Almost all the documentation from what I can tell seems to be focused on running auth from a browser. For the purposes of the app I’d like to build, I’m trying to instantiate a blockstack user session on the server that would be able to lookup files from a Gaia hub for example as well as run some encrypt/decrypt operations based off an app private key. Specifically, I’d like to create a framework where the user on the client side is able to interact with the server as if it was another user for a multi-player construction.

Is this possible with the current toolset? The closest thing I could find was the blockstack-cli which still looks like it has to polyfill things like a window global object. I found this issue on GitHub which mentions the problem and has had some activity and related merges but doesn’t seem to be resolved yet.

#2

See:

#3

Awesome, thanks! I actually just stumbled across that post and was in the process of trying it out. It seems to work, however, it’s not very flexible in that you need the appPrivateKey ahead of time, which depends on the deployment environment. So in my case, I’m using Zeit’s now for serverless deployments, this means the origin can change which means the app key can change since the app is different for each host. Is there a more flexible way to do a server-side auth flow to get the appKey for the specific origin being used?

#4

The user must approve auth for a given app as identified by the app’s domain origin. I’d recommend you obtain and use a single domain representing your app. I’m not familiar with Ziet or how its serverless deployments work, but those services typically allow for this type of domain configuration.

#5

Yeah, I think that makes sense. They do allow for deployment specific environment variables that can then be imported in. So that seems like the best (and safest) approach for the moment. Working with it in local so far and it seems to be working!

Thanks!