From Organic Design wiki
Cone.png This article or section is a stub. Stubs are articles that have not yet received substantial attention from the authors. They are short or insufficient pieces of information and require additions to further increase the article's usefulness. The project values stubs as useful first steps toward complete articles.

Blockstack is


Blockstack can work as an authentication provider for other Blockstack apps or for traditional websites. You can use the local app or the web version to perform the log-in service.

Using Blockstack


To install yo and the Blockstack generator globally run:

sudo npm i -g yo generator-blockstack

To generate the app structure and install dependencies run (in the project directory):

yo blockstack
npm i

Then you can start the app like so:

npm run start

It will open a window in your browser at http://localhost:5000/


Manifest File

Blockstack needs access to a manifest.json file for the purposes of obtaining the details of your app, the file must have the following headers set:

  • Access-Control-Allow-Origin "*"
  • Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
  • Access-Control-Allow-Headers "Content-Type"

If your manifest.json file does not have the correct domain/ip of the blockstack site requesting your ip it will complain that the "Access-Control-Allow-Origin" header is not set.
The Browser version requires the manifest page to be encrypted using ssl.
There does appear to be some caching issues with the app making it not work - try restarting the browser.

Login Page

The login page appears to need the header: Access-Control-Allow-Origin "*" set.

Blockstack Sign-in Page

The sign in page is located at localhost:8888/ or for the browser version
To make a manual request to the blockstack service you need to direct the browser to:{THE REQUEST TOKEN} or localhost:8888/auth/?authRequest={THE REQUEST TOKEN}
{THE REQUEST TOKEN} is a JWT token created by blockstack.
The blockstack service page will display the permissions the app is requesting along with the manifest data from your app, it gives the user two options: Approve and Deny
If the user clicks deny it will leave them in the blockstack browser.
If the user clicks approve it will take them to the redirect link that was defined in the authRequest and have the url parameter authResponse={THE AUTH RESPONSE TOKEN}
{THE AUTH RESPONSE TOKEN} is a JWT token containing the users profile data
There does appear to be a bug where the blockstack browser does not return profile data, but the data can still be obtained through the hub url.

Mobile Users

The appPrivateKey appears to be a lot longer for mobile users compared to the normal string length of 64


If you want to use uglify to compress file size do not use the -m (mangle) option if you are using blockstacks storage otherwise it will result in a stack trace error.