
Decentralized Ethereum OAuth2 Authentication System

Ping
December 26, 2018

Ethauth is an open source, OAuth2-compatible Ethereum authentication service.
It lets your users log in with their Ethereum account signature via Metamask or a mobile wallet app, just like any other OAuth service, with enhanced privacy and security.


Transcript

  1. Security
     - No user/pass database is required
     - Your wallet address is your identity
     - Your signature is used only once
  2. ETH Auth Client Client Browser
     - (1) Redirect to Auth Server
     - (2) Read address
     - (3) Generate challenge hmac_sha256(address + random_string) and cache it on the server
     - (4) Prompt Signature Request with banner (site name) and challenge
     - (5) Sign challenge to generate proof
  3. ETH Auth Client Client Browser
     - (6) Send challenge and proof to server
     - (7) Recover address with challenge and proof using sigUtil and confirm the cached challenge/recoveredAddress match
     - (8) Redirect to client with recoveredAddress
     - Authentication Completed
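
The server side of steps (3) and (7), sketched as an added example; this is not Ethauth's own code. Assumptions: the HMAC key is a server secret (`SERVER_KEY`), challenges expire after `TTL_MS`, the cache is an in-memory `Map`, and signature recovery is injected as `recover` (in a deployment it would wrap the sigUtil call the slides mention; `fakeRecover` is a constructed stand-in so the block runs offline).

```javascript
const crypto = require('crypto');

// Assumption: the HMAC key is a server-side secret; the slides do not name the key.
const SERVER_KEY = crypto.randomBytes(32);
const TTL_MS = 5 * 60 * 1000;   // assumed challenge lifetime
const pending = new Map();      // challenge -> { address, expires }

// Step 3: challenge = hmac_sha256(address + random_string), cached on the server.
function issueChallenge(address, now = Date.now()) {
  const addr = address.toLowerCase();
  const nonce = crypto.randomBytes(16).toString('hex');
  const challenge = crypto.createHmac('sha256', SERVER_KEY)
    .update(addr + nonce).digest('hex');
  pending.set(challenge, { address: addr, expires: now + TTL_MS });
  return challenge;
}

// Step 7: recover the signer and compare it with the address cached for this challenge.
// `recover(challenge, proof)` is a hypothetical injected function that returns the
// signer's address or throws on a malformed proof.
function verifyProof(challenge, proof, recover, now = Date.now()) {
  const entry = pending.get(challenge);
  pending.delete(challenge);    // single use: consumed even when verification fails
  if (!entry || now > entry.expires) return null;
  let recovered;
  try { recovered = String(recover(challenge, proof)).toLowerCase(); }
  catch { return null; }
  const a = Buffer.from(recovered), b = Buffer.from(entry.address);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return entry.address;         // step 8: the address handed back to the client
}

// Constructed sample data: made-up addresses and a fake "signature" of the form addr|challenge.
const ALICE = '0x' + 'ab'.repeat(20), MALLORY = '0x' + 'cd'.repeat(20);
const fakeRecover = (challenge, proof) => {
  const [addr, signed] = proof.split('|');
  if (signed !== challenge) throw new Error('bad proof');
  return addr;
};

// A valid proof succeeds once; replaying the same challenge and proof is rejected.
function demo() {
  const c = issueChallenge(ALICE);
  const first = verifyProof(c, ALICE + '|' + c, fakeRecover);
  const replay = verifyProof(c, ALICE + '|' + c, fakeRecover);
  return { first, replay };
}
console.log(demo());
```

Deleting the cache entry before checking the proof is what makes "your signature is used only once" hold: a captured challenge and proof pair cannot be submitted a second time.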