For Holochain Developers
Three ways to integrate Flowsta with your Holochain application.
Option 1: Authentication Only
Use Flowsta's OAuth for user authentication while managing your own Holochain infrastructure:
import { FlowstaAuth } from '@flowsta/auth';
const auth = new FlowstaAuth({
clientId: 'your-client-id',
redirectUri: 'https://yourapp.com/callback',
scopes: ['openid', 'public_key', 'did']
});
const user = await auth.handleCallback();
console.log('DID:', user.did);
console.log('Flowsta agent key:', user.agentPubKey);Best for: Apps that want consistent user identity across the Flowsta ecosystem but run their own conductor and agent keys.
Option 2: Agent Linking via Vault
Let users prove their Flowsta identity on your DHT with cryptographic attestations:
import { linkFlowstaIdentity } from '@flowsta/holochain';
const result = await linkFlowstaIdentity({
appName: 'YourApp',
clientId: 'your-client-id',
localAgentPubKey: myAgentKey,
});
// Commit to your DHT
await appWebsocket.callZome({
role_name: 'my-role',
zome_name: 'agent_linking',
fn_name: 'create_direct_link',
payload: {
other_agent: decodeHashFromBase64(result.payload.vaultAgentPubKey),
other_signature: base64ToSignature(result.payload.vaultSignature),
},
});Best for: Apps where users need verifiable identity across multiple Holochain networks. Requires users to have Flowsta Vault installed.
Full guide: Building Holochain Apps
Option 3: Desktop App via Vault Auth
Authenticate your Tauri desktop app through Vault's IPC:
import { FlowstaVaultAuth } from '@flowsta/auth-tauri';
const vault = new FlowstaVaultAuth();
const status = await vault.getStatus();
if (status.unlocked) {
const identity = await vault.getIdentity();
console.log('DID:', identity.did);
}Best for: Desktop Holochain apps built with Tauri that want Flowsta authentication without browser redirects.
Full guide: Tauri App Authentication
Electron Apps
Electron apps can use @flowsta/holochain directly — it communicates with Flowsta Vault over the same localhost IPC server (port 27777) and works in any JavaScript environment. No separate adapter is needed.
Adding Agent-Linking Zomes
To support Option 2, add the flowsta-agent-linking zomes to your DNA:
# integrity/Cargo.toml
[dependencies]
flowsta-agent-linking-integrity = { git = "https://github.com/WeAreFlowsta/flowsta-agent-linking" }
# coordinator/Cargo.toml
[dependencies]
flowsta-agent-linking-coordinator = { git = "https://github.com/WeAreFlowsta/flowsta-agent-linking" }The zomes provide:
create_direct_link- Commit identity attestationget_linked_agents- Query linked agentsare_agents_linked- Check if two agents are linkedrevoke_link- Revoke a link
CAL Compliance
All Holochain apps are licensed under the Cryptographic Autonomy License (CAL), which requires that users can access their data and cryptographic keys. Flowsta Vault makes CAL compliance easy — integrate auto-backups so users can export their data at any time:
import { startAutoBackup } from '@flowsta/holochain';
startAutoBackup({
clientId: 'flowsta_app_abc123',
appName: 'YourApp',
getData: async () => {
const publicData = await getMyContent();
const privateData = await getMyDecryptedPrivateEntries();
return {
content: publicData,
private_data: {
_readme: "Decrypted from encrypted DHT entries.",
...privateData,
},
};
},
});If your app stores encrypted entries on the DHT, decrypt them and include the plaintext in the backup. The Vault encrypts backups at rest — no need to double-encrypt. Every time you add new entry types, update getData to include them.
Next Steps
- Building Holochain Apps — Step-by-step integration
- Agent Linking — Attestation mechanics
- Encrypted Entries — Private data on public DHT
- @flowsta/holochain SDK — Backup API reference
- Holochain Architecture — How Flowsta's infrastructure works