HB-Auth
Keys stay where they belong.

Open-source, browser-based authentication for Hive. Private keys never leave the WebWorker — encrypted, isolated, secure.

npm install @hiveio/hb-auth
Explore

Built for security-first applications

Enterprise-grade authentication primitives that keep private keys where they belong — on the user's device.

Zero Key Exposure

The core security model. Private keys never leave the WebWorker — encrypted by Beekeeper WASM, fully isolated from main thread. Your app cannot access them.

security-flow.log

Wax SDK + TypeScript

Drop-in signer provider for @hiveio/wax with strict types and full autocomplete out of the box.

signer.ts 
import { HBAuthProvider } from '@hiveio/signers-hb-auth';
// Full TypeScript definitions & autocomplete

const signer: IOnlineSignerProvider =
  HBAuthProvider.for(
    client, 'username', 'posting'
  );

// Type-safe transaction building
const tx = await chain.createTransaction();
tx.pushOperation({ vote: { ... } });
await tx.sign(signer); // Keys never leave Worker

Session-Based Auth

One session synced across all tabs via SharedWorker. Survives page refresh. No repeated logins.

Role-Based Access

Granular key roles — posting, active, owner. Each operation uses the minimum authority required.

Built for Hive

Native Hive blockchain integration. On-chain verification when connected, local-only mode when offline.

Secure authentication in three steps

01

Install & Initialize

Install from npm. Create a chain instance and initialize the client. The WebWorker spins up automatically.

step-01.ts 
import { createHiveChain } from '@hiveio/wax';
import { OnlineClient } from '@hiveio/hb-auth';

const chain = await createHiveChain();
const client = new OnlineClient();
await client.initialize(chain);
02

Register & Authenticate

Register your key once — it's encrypted and stored in IndexedDB. Authenticate with your password to start a session.

step-02.ts 
await client.register(
  'username', 'password', wifKey, 'posting'
);

await client.authenticate(
  'username', 'password', 'posting'
);
03

Sign Transactions

Sign transactions directly or use the Wax SDK provider. Keys never leave the WebWorker context.

step-03.ts 
import { HBAuthProvider } from '@hiveio/signers-hb-auth';

const signer = HBAuthProvider.for(
  client, 'username', 'posting'
);
// Use with wax transaction builder

Security by isolation

Private keys are processed inside a WebWorker — completely isolated from your application code.

Main Thread
  • OnlineClient
  • OfflineClient
  • HBAuthProvider
Comlink RPC
WebWorker / SharedWorker

AuthWorker

Beekeeper (WASM)

Private Keys

IndexedDB

Encrypted Store

SharedWorker syncs across tabs