Can I use Blockstack Gaia Storage without Blockstack Auth?

migbash · June 16, 2020, 10:10pm

I am currently discovering Blockstack and I was wondering if I can use the Blockstack Gaia storage, but using a different authentication system and not Blockstack Auth with blockstack.js to access the users Gaia Storage location.

Thank you

marvin.id · June 16, 2020, 11:37pm

You really only need a private key to interact with Gaia. What are you looking to create?

You could take a look at the following code on how to create a UserSession object using only a private key with BlockstackJS.

github.com

MarvinJanssen/blockstack-thief/blob/master/index.js#L43


vorpal.command('session <app url> <app private key>','Initiate a session for given app private key.')
	.alias('s')
	.option('-g, --gaia-hub <hub url>','Use alternate Gaia hub')
	.action(function(args,next)
		{
		state.apk = args['app private key'];
		state.app_url = args['app url'];
		if (args.options['gaia-hub'])
			state.gaia_hub_url = args.options['gaia-hub'];

		state.data_store = new SessionStore.InstanceDataStore(
			{
			userData:
				{
				appPrivateKey: state.apk,
				hubUrl: state.gaia_hub_url
				}
			});

		state.session = new blockstack.UserSession(
			{

migbash · June 17, 2020, 1:21am

Ah, that’s handy thank you.

I have an alternative & necessary verification system for my application comprising 2FA authentication and other user information such as age/nationality/mobile num, to truly verify the user.

I guess I could use both the Blockstack Auth and then my 3rd party auth after, but I would not think the users would like that extra step.

marvin.id · June 17, 2020, 2:27am

What is the reason for the additional verification? KYC procedures? If you require server-side handling/authentication, then you can verify the JWT on the server or have the Blockstack user sign a message.

migbash · June 17, 2020, 1:17pm

Yes, KYC procedures using the Civic Integration Portal, which provides a custom JWT token for each user authentication already.

Yeah I was thinking of doing exactly that already, but was just wondering if I there was another way to use Gaia without having the user to be registered on the Blockstack blockchain and just use Civic for signing into the application.

marvin.id · June 17, 2020, 6:27pm

You could feed a private key to the Blockstack store and instantiate a UserSession to interact with Gaia that way, side-stepping the Blockstack authentication flow completely. (But if that private key is generated or seen by the server at any point, then using Gaia becomes a little pointless.)

migbash · June 17, 2020, 10:39pm

Huh, I guess I will have to experiment with the different approaches you have suggested.

Thank you