Skip to content

planet-nine-app/sessionless

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

396 Commits
.idea
.idea
 
 
assets
assets
 
 
docs
docs
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README-DEV.md
README-DEV.md
 
 
README-UX.md
README-UX.md
 
 
README.md
README.md
 
 
test.sh
test.sh
 
 

Repository files navigation

Sessionless

Sessionless Logo

Sessionless

Sessionless is an authentication protocol, which can also be referred to as the SessionLess Authentication Protocol (SLAP). It is meant to be a (the following aren't links, they're on-hover texts) general purpose transport-agnostic multi-language multi-platform authentication protocol with no shared-secret or personally identifying information shared between participants.

Getting Started

You will want to checkout the language, and if necessary the platform, you're interested in in the repo for installation steps. In general, everything is available in the standard package manager system of the given language (i.e. maven for java, and pip for python).

Methods

There are four methods that each implementation has. In addition there are two optional method based on how the platform stores sensitive data. For the most part these optional methods are only available in client-side platforms like mobile, and consoles.

The methods are as follows (see API for more details):

Client

  • generateKeys - generates a private/public key pair on the secp256k1 elliptical curve
  • sign - creates a signature of a message string with a private key

Server

  • verifySignature - verifies a signature with a public key
  • generateUUID - generates a uuidv4 uuid

Optional

  • getKeys - on platforms where secure storage is well-defined we've implemented getKeys within Sessionless rather than having it passed into generateKeys.
  • associate - convenience method for verifying two signatures to associate a public key with another

A typical registration is for a client to generateKeys, and then use those keys to sign a message, and send to the server. The server can then verifySignature on the payload received from the client, and grant a uuid with generateUUID.

Building with Sessionless

Like https (I use the comparison simply for familiarity, and not try to say Sessionless is on the same tier), Sessionless is a protocol that you likely won't just use directly. Instead it's meant to be the protocol layer of an authentication implementation. One example implementation can be found here. More will come, and if you make one feel free to make a pr to link it here.

Want to learn more?

There are links to more reading for devs, and for ux'ers, and some videos coming soon.

A brief note from zach-planet-nine

With Sessionless, and any subesequent open source projects I start, I'm trying to make them accessible to all parts of the tech industry. Right now that means focusing on dev, UX, and product, but qa, analytics, customer success, etc. are all welcome. Trust me, there's plenty of work to go around.

To this end, I'm going to try my best to provide domain-specific documentation as an entry point. This is very much a wip, and, as far as I know, not something that there's an established pattern for so all feedback welcome.

Dev UX Product
README-DEV README-UX coming soon

About

A repo for the sessionless protocol

sessionless.org

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

30 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases

2 tags

Packages

 
 
 

Contributors 9

Languages