Skip to content

PiperFinance/UA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
.idea
.idea
 
 
src
src
 
 
tests
tests
 
 
thunder-tests
thunder-tests
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
config
config
 
 
docker-compose.yaml
docker-compose.yaml
 
 
entrypoint.sh
entrypoint.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Auth Flow

User has wallet which contains user's privateKey.

Fact#1

Private key can be used to sign a msg and then verify the msg!

Fact#2

Public address of private key can be derived signed msg by comparing signed msg hash and original msg

Fact#3

Browser can create a random password and then use it as a starting point for sign-up

Fact#4

Browser Can hold a session (jwt-token) generated by server and ask for refresh when ever needed

Fact#5

Jwt Token has two fixed expiry times; one for resource usage and two to refresh token. This can tell server wether user is online or inactive or offline ....

Fact#6

This approach has no forgot password approach :)

User Sign Up

  • Generate a random password
  • Store Password in browser
  • Connect Wallet
  • Ask for a msg from server
  • Sign a msg
  • Post Signed msg
  • Server Responds with Session token (JWT)
  • Store Session
  • [FUTURE]
    • Ouath / Email / other methods
    • Add Password Recovery
  • Done !

Samples

MSG = uuid.New()

About

Yet another user authentication service !

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages