lukechilds
/
docs
mirror of https://github.com/lukechilds/docs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Convert "ID" to "username" in auth guide

blockstack-connect-release
Mark M. Hendrickson 5 years ago
committed by Mark Hendrickson
parent
b4d1f43037
commit
7007089b50
1 changed files with 8 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      overview_auth.md

16
overview_auth.md
View File

@ -20,8 +20,8 @@ whether the user already has an existing session in the Blockstack Browser.
<img src="images/kingdom_notin.png" alt="">
Alice can choose to authenticate as one of her Blockstack IDs by selecting the
ID and clicking the **Approve** button. The Blockstack Browser shows Alice an approval dialog with information about your app including:
Alice can choose to authenticate as one of her Blockstack usernames by selecting the
username and clicking the **Approve** button. The Blockstack Browser shows Alice an approval dialog with information about your app including:
* The origin your app was served from
* Your app's name
@ -40,11 +40,11 @@ A decentralized application (DApp) and the Blockstack Browser communicate during
![](/storage/images/app-sign-in.png)
When a user chooses to **Sign in with Blockstack** on a DApp, calls the `redirectToSignIn()` method which sends the user to the Blockstack Browser. When Blockstack Browser is provided an ID, it generates an The browser responds with an authentication token and an _app private key_.
When a user chooses to **Sign in with Blockstack** on a DApp, calls the `redirectToSignIn()` method which sends the user to the Blockstack Browser. When Blockstack Browser is provided a username, it generates an The browser responds with an authentication token and an _app private key_.
The app private key is application-specific. It is generated from the user's identity address private key using the `appDomain` as input. The key is ephemeral, it is generated for each execution of a key establishment process. This key is just used for the particular instance of the application, in this case to sign a sign-in request.
This app private key is also deterministic, meaning that for a given Blockstack ID and domain name, the same private key is generated each time. The app private key is securely shared with the app on each authentication and encrypted by the Blockstack Browser. The key serves three functions, it:
This app private key is also deterministic, meaning that for a given Blockstack username and domain name, the same private key is generated each time. The app private key is securely shared with the app on each authentication and encrypted by the Blockstack Browser. The key serves three functions, it:
* is used to create the credentials that give an app access to the Gaia hub storage bucket for that specific app
* is used in the end-to-end encryption of files stored for the app on the user's Gaia hub
@ -120,10 +120,10 @@ Blockstack Browser encrypts secret data such as the app private key using this
public key and sends it back to the app when the user signs in to the app. The
transit private key signs the app authentication request.
### Blockstack ID Identity address private key
### Blockstack username identity address private key
The identity address private key is derived from the user's keychain phrase and
is the private key of the Blockstack ID that the user chooses to use to sign in
is the private key of the Blockstack username that the user chooses to use to sign in
to the app. It is a secret owned by the user and never leaves the user's
instance of the Blockstack Browser. This private key signs the authentication
response token for an app to indicate that the user approves sign in to that
@ -133,7 +133,7 @@ app.
The app private key is an app-specific private key that is generated from the
user's identity address private key using the `domain_name` as input. It is
deterministic in that for a given Blockstack ID and `domain_name`, the same
deterministic in that for a given Blockstack username and `domain_name`, the same
private key will be generated each time. The app private key is securely shared
with the app on each authentication, encrypted by the Blockstack Browser with
the transit public key.
@ -207,7 +207,7 @@ const requestPayload = {
private_key, // encrypted private key payload
public_keys, // single entry array with public key
profile, // profile object or null if passed by profile_url
username, // blockstack id username (if any)
username, // blockstack username (if any)
core_token, // encrypted core token payload
email, // email if email scope is requested & email available
profile_url, // url to signed profile token

Write Preview
Loading…
Cancel
Save