Skip to content

v0.1.0

Choose a tag to compare

View all tags
@joemarct joemarct released this 26 Feb 04:22
· 29 commits to master since this release
v0.1.0
5920f46

Release notes

Initial release of Bitcoin Cash OAuth - A decentralized authentication system using Bitcoin Cash ECDSA signatures for identity verification. This release includes server-side Python packages for Django and FastAPI frameworks, plus a universal JavaScript client library.

Features

Core Authentication Protocol

  • ECDSA-based Authentication: Uses Bitcoin Cash public/private key pairs instead of passwords
  • Message Signing Protocol: Clients sign messages in format bitcoincash-oauth|domain|userId|timestamp
  • Domain Binding: Signatures include domain to prevent phishing attacks across different sites
  • Replay Protection: Timestamps prevent replay attacks (5-minute window)
  • CashAddr Format: Modern Bitcoin Cash address format with built-in error detection

Python Server Packages

bitcoincash-oauth-django

  • Django authentication backend for Bitcoin Cash OAuth
  • Django REST Framework integration with custom authentication classes
  • Middleware for automatic signature verification
  • Database models for storing user-address mappings
  • Management commands for user administration
  • Support for Django 4.0+ and Django REST Framework 3.14+

bitcoincash-oauth-fastapi

  • FastAPI dependency injection system for OAuth authentication
  • Automatic JWT token generation and validation
  • Async/await support for high-performance applications
  • Built-in rate limiting and security headers
  • Redis integration for token storage (optional)

JavaScript Client Library

bitcoincash-oauth-client

  • Universal library supporting both browser and Node.js environments
  • Keypair generation using libauth (pure JavaScript, no native dependencies)
  • Automatic message signing and signature formatting
  • Token refresh handling with automatic retry
  • Secure storage abstraction (works with localStorage, sessionStorage, or custom storage)
  • TypeScript definitions included
  • Works with all major JavaScript frameworks (React, Vue, Angular, etc.)

API Endpoints (Server)

  • POST /auth/register - Register new user with Bitcoin Cash address
  • POST /auth/token - Obtain OAuth2 access token via signature authentication
  • POST /auth/refresh - Refresh expired access tokens
  • POST /auth/revoke - Revoke access tokens
  • GET /auth/me - Get current user information

Security Features

  • Signature verification using secp256k1 curve (same as Bitcoin Cash)
  • Public key to address conversion for verification
  • Protocol prefix to prevent cross-protocol signature reuse
  • Configurable token expiration (1 hour default for access tokens)
  • Token revocation list support
  • HTTPS enforcement recommendations
Assets 2
Loading