Learning Rust, Svelte, and IRMA building a chat application with strong authentication

Marlon
Co-owner & Lead developer
open-sourceprivacymeet-the-teamirmarusttypescript
Learning Rust, Svelte, and IRMA building a chat application with strong authentication
As owner and technical lead of our company I'm very motivated to keep up to speed with all new developments and to continuously innovate our tech stack. Nevertheless, every once in a while I find myself lacking in in-depth, hands-on experience in languages and tools I really want to be on top of. At that moment, I know I need to hit pause and take the time for a deep dive, in the form of a personal learning project.

My time being scarce, the best approach is to try and kill two birds with one stone, or actually in this case, three:

  1. Rust, the open-source language that strives for the trifecta of safety, speed, and concurrency
  2. Svelte, an alternative to React, providing performance and a tiny bundle size
  3. IRMA, the privacy-friendly identity platform

I had some experience with all three before I started. The challenge now was to get to the level that I'm comfortable using them.

The benefit of defining your personal project is that you don't need to worry about "annoying" constraints like what is most productive or maintainable solution, or having to adhere to the client's wishes.

Know who your peers are

As the use case I chose a chat application that has substantiated guarantees of knowing who you are chatting with as its special feature. That entails using IRMA for authentication and providing your real name.

In general, it's good to have anonymity when cruising the internet, but in specific cases, like when there is official business involved, it is important to know who you are talking to. For instance, when dealing with your local government or when you register for some kind of insurance. That's where an identity platform like IRMA finds its application. Apart from strong authentication, it enables you to control your personal data and only selectively disclose it.

Technical overview

The application consists of these components:

  • A frontend SPA, written in Typescript / Svelte that guides the user through the authentication flow and shows the chat interface. The complete application bundle size is just 26.4 kb and that includes a QR library necessary for the IRMA authentication flow. In contrast, react-dom is 103.7 kb by itself
  • A backend application written in Rust that only communicates over websockets. There are two websocket endpoints, one for the authentication flow with IRMA and one to send and receive chat messages

  • An IRMA server to perform IRMA sessions

    IRMA chat - System components

Session status updates are sent from IRMA server to the Rust backend over Server Sent Events and are forwarded to the client via the established websocket. Using websockets reduces the latency to a minimum and makes polling for status updates or new messages unnecessary.

Further details and code can be found on our Github.

Demo

You can try the demo at https://irma-chat.tweede.golf/ - make sure to have your IRMA app installed and configured.

IRMA chat

Retrospective

Rounding up, I'm happy to have taken the time for this learning experience, as getting your hands dirty is the only way to truly understand the pros and cons of any technology. This will allow me to make the right tech choices further down the road.

Looking forward to the next one :)

Marlon
Co-owner & Lead developer
open-sourceprivacymeet-the-teamirmarusttypescript

Stay up-to-date

Stay up-to-date with our work and blog posts?

Related articles

Sending documents over the internet can be a pain. Email providers generally support attachments with a maximum size between 10 and 50 MB, for larger files one would need to find another way. Most people would probably use one of the many public cloud or file sender solutions. But what if the files to be sent contain personal information, medical information or are private family photos? And how do you know that only the recipient can access and download these files?
open-sourcesecurityprivacyirmarusttypescript
Read article
It is common wisdom that one should avoid implementing their own cryptography if at all possible. This is generally good wisdom as writing correct cryptography code can be very tricky and takes quite a bit of time to get done right.
open-sourcesecurityprivacyirma
Read article
With the current pandemic situation, it is hard to hold meetings at an appropriate and safe distance. Looking for secure alternatives, our local city government approached Tweede golf with developing a novel authenticated variant of videoconferencing, with the intention of holding city council meetings using this solution.
open-sourcesecurityprivacyirmagolua
Read article