Tauri App Authentication
Identity management for Tauri desktop apps through Flowsta Vault.
Desktop apps built with Tauri v2 can manage user identity through Flowsta Vault's Tauri plugin. Users set up or unlock their Vault identity directly within your app.
How It Works
Unlike web OAuth, there's no browser redirect. Your app communicates with Vault via Tauri IPC commands.
Quick Start
1. Install the SDK
bash
npm install @flowsta/auth-tauri2. Check Vault Status
typescript
import { FlowstaVaultAuth } from '@flowsta/auth-tauri';
const vault = new FlowstaVaultAuth();
const status = await vault.getStatus();
if (!status.unlocked) {
showMessage('Please unlock Flowsta Vault to continue');
return;
}
// Get user identity
const identity = await vault.getIdentity();
console.log('DID:', identity.did);
console.log('Agent key:', identity.agentPubKey);3. Setup or Unlock
typescript
// First-time setup with recovery phrase and password
await vault.setup(mnemonic, password);
// Subsequent launches - unlock with password
await vault.unlock(password);4. Lock
typescript
await vault.lock();Configuration
typescript
interface FlowstaVaultAuthConfig {
apiUrl?: string; // Optional - default: 'https://auth-api.flowsta.com'
}
const vault = new FlowstaVaultAuth({ apiUrl: 'https://auth-api.flowsta.com' });Methods
| Method | Returns | Description |
|---|---|---|
getStatus() | VaultStatus | Check if Vault is set up and unlocked |
setup(mnemonic, password) | SetupResult | First-time identity setup |
unlock(password) | void | Unlock Vault with password |
lock() | void | Lock the Vault |
getIdentity() | VaultIdentity | Get DID and agent public key |
validateRecoveryPhrase(mnemonic) | boolean | Validate a BIP39 mnemonic |
linkWebAccount() | LinkResult | Link Vault identity to web account |
getLinkedAgents(jwt) | string[] | Get linked agents (requires JWT) |
Error Handling
typescript
try {
await vault.unlock(password);
} catch (error) {
if (error.message.includes('wrong password')) {
showMessage('Incorrect password');
} else if (error.message.includes('not set up')) {
showMessage('Please set up Flowsta Vault first');
}
}Combining with Agent Linking
If your Tauri app also runs a Holochain conductor, you can combine Vault identity with agent linking:
typescript
import { FlowstaVaultAuth } from '@flowsta/auth-tauri';
import { linkFlowstaIdentity } from '@flowsta/holochain';
// 1. Get Vault identity
const vault = new FlowstaVaultAuth();
const identity = await vault.getIdentity();
// 2. Link their Flowsta identity to your app's agent key
const link = await linkFlowstaIdentity({
appName: 'Your App',
clientId: '...',
localAgentPubKey: myLocalAgentKey,
});
// 3. Commit attestation to your DHT
await appWebsocket.callZome({ /* ... */ });Web vs Desktop Auth
| Feature | Web (@flowsta/auth) | Desktop (@flowsta/auth-tauri) |
|---|---|---|
| Auth method | Browser redirect to login.flowsta.com | Local Tauri IPC commands |
| User approval | OAuth consent screen in browser | Direct Vault interaction |
| Client secret | Not needed (PKCE) | Not needed (local) |
| Token storage | Browser localStorage | App-managed |
| Requires Vault | No | Yes |
Next Steps
- @flowsta/auth-tauri SDK - Full SDK reference
- Agent Linking - Link identities on Holochain
- Vault Overview - How Flowsta Vault works
- IPC Endpoints - Raw IPC API reference