π OpenId Connect server for Azero ID.
π This is an experimental project to explore the possibilities of the Azero ID protocol. Do not use this in production.
π It is an adoption of my NFT Login project to the Azero ID NFT.
π The server is online at azero.web3-login.net.
π Non fungible tokens are a proof of digital ownership. This ownership can be used to give access to any digital resource or service.
π The server is an OpenId Connect server. It uses the Azero ID NFT as a proof of ownership. The user can login with the Azero ID NFT. The server verifies the signature of the token and returns a JWT token. The JWT token can be used to authenticate the user.
π The server can be configured to use RSA or EDDSA keys. The keys are used to sign the JWT token. The public keys can be viewed at the /jwk endpoint.
π The server can be configured with a config.yml file. The config.yml file can be used to configure the keys and the OpenId Connect endpoints.
- β Azero ID
- β OpenId Connect
- π OAuth2
trunk build
cargo run --bin servercargo test -- --nocaptureπ§ The contracts are generated with ink-wrapper from the Metadata.
ink-wrapper -m assets/azero_router_metadata.json | rustfmt --edition 2021 > src/azero/router_contract.rs
ink-wrapper -m assets/tzero_router_metadata.json | rustfmt --edition 2021 > src/tzero/router_contract.rsπ The metadata can be fetched from the node.
cargo install subxt-cli
subxt metadata --output-file azero-testnet-metadata.scale --url wss://ws.test.azero.dev:443π We can generate keys with openssl. They are used to sign the tokens. The generated public keys can be viewed at /jwk endpoint.
openssl genpkey -algorithm ed25519 -out private_eddsa.pem
openssl genrsa --traditional -out private_rsa.pem 1024π Copy the content into the config.yml as rsa_pem or eddsa_pem or add the path to the file as rsa_pem_file.
trunk buildcargo buildcd frontend && trunk servecargo run --bin serverdocker-compose up- Add tests
- Add documentation
- Add OAuth2
-
β οΈ Critical: The signature relies on the nonce, the user brings with the request. This is not secure. The id to signature should be generated by the server.
π This is experimental software. Use at your own risk. One security risk is, that the server does not verify the client id and client secret of a server that wants to authenticate a user. This means that any server can fetch information of a user token if the user has logged in to the server before. The token is a uuid v4 and can hardly be guessed. Just saying.
π€ This is not an official Azero ID project. I am not affiliated with the Azero ID team. Use at your own risk.
Prompt: Design a modern and sleek icon representing an OpenID Connect server integrated with Aleph Zero blockchain technology. The icon should symbolize secure digital identity verification and blockchain features. It should include visual elements like a shield for security, a key to represent access, and blockchain motifs like connected blocks or nodes. The color scheme should be a blend of blues and greens, conveying a sense of trust, security, and technology. The overall look should be futuristic and professional, suitable for a tech-focused audience.
Prompt: Create a banner for a hackathon project page, featuring the concept of 'Azero Web3-Login'. The banner should visually represent the integration of a crypto wallet with the OpenID Connect server. Include imagery that symbolizes secure digital identity verification, such as a shield and a digital wallet. The design should incorporate blockchain elements like connected blocks or nodes and include the text 'Azero Web3-Login' prominently. The color scheme should be a blend of blues and greens, portraying trust, security, and a connection to blockchain technology. The style should be modern, professional, and appealing to a tech-savvy audience.