@ -20,8 +20,8 @@ whether the user already has an existing session in the Blockstack Browser.
<imgsrc="images/kingdom_notin.png"alt="">
<imgsrc="images/kingdom_notin.png"alt="">
Alice can choose to authenticate as one of her Blockstack IDs by selecting the
Alice can choose to authenticate as one of her Blockstack usernames by selecting the
ID and clicking the **Approve** button. The Blockstack Browser shows Alice an approval dialog with information about your app including:
username and clicking the **Approve** button. The Blockstack Browser shows Alice an approval dialog with information about your app including:
* The origin your app was served from
* The origin your app was served from
* Your app's name
* Your app's name
@ -40,11 +40,11 @@ A decentralized application (DApp) and the Blockstack Browser communicate during
![](/storage/images/app-sign-in.png)
![](/storage/images/app-sign-in.png)
When a user chooses to **Sign in with Blockstack** on a DApp, calls the `redirectToSignIn()` method which sends the user to the Blockstack Browser. When Blockstack Browser is provided an ID, it generates an The browser responds with an authentication token and an _app private key_.
When a user chooses to **Sign in with Blockstack** on a DApp, calls the `redirectToSignIn()` method which sends the user to the Blockstack Browser. When Blockstack Browser is provided a username, it generates an The browser responds with an authentication token and an _app private key_.
The app private key is application-specific. It is generated from the user's identity address private key using the `appDomain` as input. The key is ephemeral, it is generated for each execution of a key establishment process. This key is just used for the particular instance of the application, in this case to sign a sign-in request.
The app private key is application-specific. It is generated from the user's identity address private key using the `appDomain` as input. The key is ephemeral, it is generated for each execution of a key establishment process. This key is just used for the particular instance of the application, in this case to sign a sign-in request.
This app private key is also deterministic, meaning that for a given Blockstack ID and domain name, the same private key is generated each time. The app private key is securely shared with the app on each authentication and encrypted by the Blockstack Browser. The key serves three functions, it:
This app private key is also deterministic, meaning that for a given Blockstack username and domain name, the same private key is generated each time. The app private key is securely shared with the app on each authentication and encrypted by the Blockstack Browser. The key serves three functions, it:
* is used to create the credentials that give an app access to the Gaia hub storage bucket for that specific app
* is used to create the credentials that give an app access to the Gaia hub storage bucket for that specific app
* is used in the end-to-end encryption of files stored for the app on the user's Gaia hub
* is used in the end-to-end encryption of files stored for the app on the user's Gaia hub
@ -120,10 +120,10 @@ Blockstack Browser encrypts secret data such as the app private key using this
public key and sends it back to the app when the user signs in to the app. The
public key and sends it back to the app when the user signs in to the app. The
transit private key signs the app authentication request.
transit private key signs the app authentication request.