Authentication
User Flow
User visits a new website that requires authentication from a wallet.
- Website displays a pairing QR code or deep link
- User scans the QR code or is redirected to the wallet
- User approves prompt for auth in wallet
- User returns to website after prompt success
- Website is now authenticated with signed message
User returns to a previously visited website before authentication expiry
- Website checks if user is authenticated from local storage
- Website is now authenticated with signed message
User returns to a previously visited website after authentication expiry
- Website checks if user is authenticated from local storage
- Website generates new keypair and derives a new response topic from it
- Website sends new request to previously paired wallet, using known pairing topic, but subscribes to new response topic
- User is prompted/redirected to wallet
- User approves prompt for auth in wallet, wallet responds on the new response topic
- User returns to website after prompt success
- Website is now authenticated with signed message
Request Protocol
Prerequisites
A and B must establish a pairing before executing the Auth protocol.
Protocol
A generates keyPair X and derives the response topic from it.
Response topic is the hash of publicKey X.
A will construct an authentication request.
A publishes request on A-B pairing.
A subscribes to messages on response topic.
B receives request on A-B pairing.
B constructs message to be signed from request and signs it.
B generates keyPair Y and generates shared symKey R.
B encrypts response with symKey R as type 1 envelope.
B sends response on response topic.
A receives response and validates signature.
If signature is valid, then user is authenticated.
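
The response-topic and type 1 envelope steps above, as an added Node.js example that is not part of the original specification or of any wallet's code. It shows A accepting a response only on the topic derived from its own publicKey X, and recovering symKey R from the sender key carried in the envelope. Assumptions not stated on this page: SHA-256 as the topic hash, X25519 key agreement, HKDF-SHA256 for symKey R, ChaCha20-Poly1305 for encryption, the byte layout in the comment, and all function names; signing and signature validation are left out.

```javascript
// Added example. Assumed (not stated on the page): SHA-256 topic hash, X25519,
// HKDF-SHA256, ChaCha20-Poly1305, layout type(1) | pubY(32) | iv(12) | ct | tag(16).
const nodeCrypto = require('node:crypto');

const SPKI_PREFIX = Buffer.from('302a300506032b656e032100', 'hex'); // X25519 SPKI header
const rawPublic = (key) => key.export({ type: 'spki', format: 'der' }).subarray(-32);
const toKeyObject = (raw) =>
  nodeCrypto.createPublicKey({ key: Buffer.concat([SPKI_PREFIX, raw]), format: 'der', type: 'spki' });

// Response topic: hash of publicKey X.
const responseTopic = (pubX) => nodeCrypto.createHash('sha256').update(pubX).digest('hex');

// symKey R: each side derives it from its own private key and the peer's public key.
function deriveSymKey(privateKey, peerRawPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey: toKeyObject(peerRawPublic) });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), Buffer.alloc(0), 32));
}

// B: generate keyPair Y, derive R, seal the response as a type 1 envelope.
function sealType1(pubX, plaintext) {
  const y = nodeCrypto.generateKeyPairSync('x25519');
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveSymKey(y.privateKey, pubX);
  const cipher = nodeCrypto.createCipheriv('chacha20-poly1305', key, iv, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const envelope = Buffer.concat([Buffer.from([1]), rawPublic(y.publicKey), iv, ct, cipher.getAuthTag()]);
  return { topic: responseTopic(pubX), envelope };
}

// A: accept only its own response topic, read pubY from the envelope, derive R, open.
function openType1(keyPairX, msg) {
  if (msg.topic !== responseTopic(rawPublic(keyPairX.publicKey))) throw new Error('unexpected topic');
  const env = msg.envelope;
  if (env.length < 1 + 32 + 12 + 16 || env[0] !== 1) throw new Error('not a type 1 envelope');
  const key = deriveSymKey(keyPairX.privateKey, env.subarray(1, 33));
  const decipher = nodeCrypto.createDecipheriv('chacha20-poly1305', key, env.subarray(33, 45), { authTagLength: 16 });
  decipher.setAuthTag(env.subarray(env.length - 16));
  // final() throws if any byte of the envelope was modified in transit
  return Buffer.concat([decipher.update(env.subarray(45, env.length - 16)), decipher.final()]);
}

// Constructed round trip; the response body is a placeholder, not a real signed message.
function demo() {
  const x = nodeCrypto.generateKeyPairSync('x25519');
  const msg = sealType1(rawPublic(x.publicKey), Buffer.from('{"signature":"<placeholder>"}'));
  return openType1(x, msg).toString();
}
```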