Websockets - The authentication protocol is async so there needs to be a way for the api to communicate back to the frontend after step 7 of the protocol
Implementation of SigmaProp and Verify ErgoAuth ergo-python-appkit wrappers
Implementation in paideia-api
ErgoAuth: user authentication protocol between wallet applications and dApps
ErgoAuth authentication protocol
An authentication with ErgoAuth is driven by a dApp that needs to authenticate a user.
1. The user enters the necessary information in the dApp's UI for the dApp to know if authentication is necessary. For example, users might enter their P2PK address (or, instead of manually entering, use ErgoPay to send the address to the dApp automatically).
2. The dApp determines that authenticating the user is needed. For this, the dApp prepares a unique message that the wallet app should sign with a user's private key, and a SigmaBoolean that the user needs to authenticate for. This might be a P2PK address wrapped in a SigmaBoolean.
3. The dApp presents an ErgoAuth link for the user to click and open the wallet app and a QR code for mobile users to scan from within the wallet app.
4. The wallet application parses the QR code/link data and obtains an ErgoAuthRequestUrl to fetch the actual ErgoAuthRequest data from (see Data Formats section).
5. When ErgoAuthRequest is obtained, the wallet presents a screen showing that a dApp wants to authenticate the user, and the address the request is for. The wallet app should also inform the user that no funds are moved and no secrets will leave the device.
   In a future enhancement, the Auth Request could be relayed to a cold wallet device. This is an enhancement of EIP-0019 and would not change the ErgoAuth protocol.
6. When the user agrees, the wallet app adds some bytes of its own to the message obtained from ErgoAuthRequest, signs it and sends the signed message to the ErgoAuthRequest's replyToUrl.
7. The dApp validates the signed message. When successful, it can proceed with its flow.
Data Formats
Wallet apps should be able to initiate ErgoAuth either by using URI schemes (clickable links) or QR codes.
ergoauth://<URL>
A URL is provided without the https prefix. http communication is not allowed except for IP addresses (in order to test within a local network).
Examples:
- ergoauth://sigmavalley.io/auth/2021-16b8-66c4-b800-6e52-8ce4 will make the wallet app request https://sigmausd.io/auth/2021-16b8-66c4-b800-6e52-8ce4
- ergoauth://192.168.0.1/auth will make the wallet app request http://192.168.0.1/auth
Response body: ErgoAuthRequest
The wallet application should request URL and obtain the following data (json format)
(Remark: An Ergo p2pk address is a SigmaBoolean, so authenticating a wallet address is possible with this)
If provided, the wallet application should show the userMessage and display the messageSeverity
in a suitable way.
After signing is performed, the wallet must POST the following data to the dApp using replyToUrl from the request (json format).
- signedMessage: Message containing the signingMessage sent by the dApp with additional bytes added by the wallet. The addition of random bytes is done to prevent the user from signing a message that might be used for unwanted malicious tasks.
- proof: Output of signing signedMessage
In case there was an error building the ErgoAuthRequest on the dApp side, the dApp might reply with an ErgoAuthRequestError to inform the user about the error:
ErgoAuthRequestError:
- userMessage: String
The wallet application will show the user message to the user.
Implementation in wallet app
Ergo Wallet App #112
Implementation in dApp
Ergo Appkit #157
dApp: Added to ErgoPay backend example
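The URI rule from the Data Formats section (https by default, http only when the host is an IP address), as a wallet-side resolver. This is an added example, not code from the issue, the EIP or any wallet; the function name, the constructed host dapp.example and the rejection of userinfo in the link are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit


def resolve_ergoauth_url(link: str) -> str:
    """Map an ergoauth:// link to the URL the wallet should fetch (hypothetical helper)."""
    parts = urlsplit(link.strip())
    if parts.scheme != "ergoauth":
        raise ValueError("not an ergoauth link")
    host = parts.hostname
    if not host:
        raise ValueError("ergoauth link has no host")
    # Assumption (not stated on the page): refuse userinfo, so that a link such as
    # ergoauth://192.168.0.1@dapp.example/ cannot display an IP while naming another host.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not accepted in ergoauth links")
    try:
        ipaddress.ip_address(host)   # strict parse: only literal IPv4/IPv6 addresses pass
        scheme = "http"              # allowed for local-network testing only
    except ValueError:
        scheme = "https"             # every named host is fetched over TLS
    return urlunsplit((scheme, parts.netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample links.
    for sample in ("ergoauth://192.168.0.1/auth", "ergoauth://dapp.example/auth/abc"):
        print(sample, "->", resolve_ergoauth_url(sample))
```

A host that merely starts with digits, such as 192.168.0.1.dapp.example, fails the strict IP parse and is therefore fetched over https.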
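Steps 2 and 7 of the protocol on the dApp side, as an added example (not code from paideia-api, ergo-python-appkit or the EIP): the unique message is issued once, expires, and must appear inside the signedMessage before the proof is checked. The class and method names, the TTL, the string encoding of the messages and the injected verify_proof callback (standing in for the Verify wrapper mentioned at the top of the issue) are assumptions.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class PendingAuth:
    address: str            # address the dApp wants proven (step 2)
    signing_message: str    # unique message issued for this request
    expires_at: float


class ErgoAuthSessions:
    """dApp-side bookkeeping for steps 2 and 7; all names here are hypothetical."""

    def __init__(self, verify_proof: Callable[[str, str, str], bool], ttl: float = 300.0):
        self._verify = verify_proof   # assumed wrapper: (address, signedMessage, proof) -> bool
        self._ttl = ttl
        self._pending: Dict[str, PendingAuth] = {}

    def create_request(self, address: str, now: Optional[float] = None) -> Tuple[str, str]:
        """Step 2: issue a unique signingMessage bound to one request id."""
        now = time.time() if now is None else now
        request_id = secrets.token_urlsafe(16)   # assumed to be carried in replyToUrl
        message = secrets.token_hex(32)
        self._pending[request_id] = PendingAuth(address, message, now + self._ttl)
        return request_id, message

    def handle_response(self, request_id: str, body: dict, now: Optional[float] = None) -> bool:
        """Step 7: validate the data the wallet POSTed to replyToUrl."""
        now = time.time() if now is None else now
        pending = self._pending.pop(request_id, None)   # single use: a replay finds nothing
        if pending is None or now > pending.expires_at:
            return False
        signed, proof = body.get("signedMessage"), body.get("proof")
        if not isinstance(signed, str) or not isinstance(proof, str):
            return False
        # The wallet adds its own bytes, so check containment rather than equality.
        if pending.signing_message not in signed:
            return False
        return bool(self._verify(pending.address, signed, proof))
```

Because the flow is asynchronous, the boolean returned by handle_response is the result the API would push to the waiting frontend after step 7.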