Convert "ID" to "username" in auth guide

blockstack-connect-release
Mark M. Hendrickson 5 years ago
committed by Mark Hendrickson
parent
commit
7007089b50
16
overview_auth.md

@ -20,8 +20,8 @@ whether the user already has an existing session in the Blockstack Browser.
<img src="images/kingdom_notin.png" alt=""> <img src="images/kingdom_notin.png" alt="">
Alice can choose to authenticate as one of her Blockstack IDs by selecting the Alice can choose to authenticate as one of her Blockstack usernames by selecting the
ID and clicking the **Approve** button. The Blockstack Browser shows Alice an approval dialog with information about your app including: username and clicking the **Approve** button. The Blockstack Browser shows Alice an approval dialog with information about your app including:
* The origin your app was served from * The origin your app was served from
* Your app's name * Your app's name
@ -40,11 +40,11 @@ A decentralized application (DApp) and the Blockstack Browser communicate during
![](/storage/images/app-sign-in.png) ![](/storage/images/app-sign-in.png)
When a user chooses to **Sign in with Blockstack** on a DApp, calls the `redirectToSignIn()` method which sends the user to the Blockstack Browser. When Blockstack Browser is provided an ID, it generates an The browser responds with an authentication token and an _app private key_. When a user chooses to **Sign in with Blockstack** on a DApp, calls the `redirectToSignIn()` method which sends the user to the Blockstack Browser. When Blockstack Browser is provided a username, it generates an The browser responds with an authentication token and an _app private key_.
The app private key is application-specific. It is generated from the user's identity address private key using the `appDomain` as input. The key is ephemeral, it is generated for each execution of a key establishment process. This key is just used for the particular instance of the application, in this case to sign a sign-in request. The app private key is application-specific. It is generated from the user's identity address private key using the `appDomain` as input. The key is ephemeral, it is generated for each execution of a key establishment process. This key is just used for the particular instance of the application, in this case to sign a sign-in request.
This app private key is also deterministic, meaning that for a given Blockstack ID and domain name, the same private key is generated each time. The app private key is securely shared with the app on each authentication and encrypted by the Blockstack Browser. The key serves three functions, it: This app private key is also deterministic, meaning that for a given Blockstack username and domain name, the same private key is generated each time. The app private key is securely shared with the app on each authentication and encrypted by the Blockstack Browser. The key serves three functions, it:
* is used to create the credentials that give an app access to the Gaia hub storage bucket for that specific app * is used to create the credentials that give an app access to the Gaia hub storage bucket for that specific app
* is used in the end-to-end encryption of files stored for the app on the user's Gaia hub * is used in the end-to-end encryption of files stored for the app on the user's Gaia hub
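Review bot: The rewritten sentence still ends in a fragment, "When Blockstack Browser is provided a username, it generates an The browser responds with an authentication token", and the clause before it, "on a DApp, calls the `redirectToSignIn()` method", has no subject. Since this line is being touched, finish or drop the "it generates an" clause and name what calls the method. The unchanged paragraph below it also calls the app private key "ephemeral" and says it is used "to sign a sign-in request", while the next paragraph calls the same key deterministic and a later section says the transit private key signs the authentication request. That paragraph reads like a description of the transit key and is worth correcting in the same pass so readers do not misjudge the lifetime of the app private key.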
@ -120,10 +120,10 @@ Blockstack Browser encrypts secret data such as the app private key using this
public key and sends it back to the app when the user signs in to the app. The public key and sends it back to the app when the user signs in to the app. The
transit private key signs the app authentication request. transit private key signs the app authentication request.
### Blockstack ID Identity address private key ### Blockstack username identity address private key
The identity address private key is derived from the user's keychain phrase and The identity address private key is derived from the user's keychain phrase and
is the private key of the Blockstack ID that the user chooses to use to sign in is the private key of the Blockstack username that the user chooses to use to sign in
to the app. It is a secret owned by the user and never leaves the user's to the app. It is a secret owned by the user and never leaves the user's
instance of the Blockstack Browser. This private key signs the authentication instance of the Blockstack Browser. This private key signs the authentication
response token for an app to indicate that the user approves sign in to that response token for an app to indicate that the user approves sign in to that
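Review bot: In the new heading and in "is the private key of the Blockstack username", the key is attributed to the username, yet the same paragraph says it is derived from the user's keychain phrase and the heading itself calls it an identity address key. Suggest keeping the heading as "Identity address private key" (the replacement also lowercases "identity" mid-heading) and writing "the private key of the identity address behind the username that the user chooses".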
@ -133,7 +133,7 @@ app.
The app private key is an app-specific private key that is generated from the The app private key is an app-specific private key that is generated from the
user's identity address private key using the `domain_name` as input. It is user's identity address private key using the `domain_name` as input. It is
deterministic in that for a given Blockstack ID and `domain_name`, the same deterministic in that for a given Blockstack username and `domain_name`, the same
private key will be generated each time. The app private key is securely shared private key will be generated each time. The app private key is securely shared
with the app on each authentication, encrypted by the Blockstack Browser with with the app on each authentication, encrypted by the Blockstack Browser with
the transit public key. the transit public key.
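Review bot: "deterministic in that for a given Blockstack username and `domain_name`" names the username as an input, but the sentence before it says the key is generated from the identity address private key using `domain_name`, and the username is not stated as part of that derivation. Suggest "for a given identity address private key and `domain_name`". Separately, this section calls the input `domain_name` while the earlier overview paragraph calls it `appDomain`; pick one name or say they are the same value.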
@ -207,7 +207,7 @@ const requestPayload = {
private_key, // encrypted private key payload private_key, // encrypted private key payload
public_keys, // single entry array with public key public_keys, // single entry array with public key
profile, // profile object or null if passed by profile_url profile, // profile object or null if passed by profile_url
username, // blockstack id username (if any) username, // blockstack username (if any)
core_token, // encrypted core token payload core_token, // encrypted core token payload
email, // email if email scope is requested & email available email, // email if email scope is requested & email available
profile_url, // url to signed profile token profile_url, // url to signed profile token
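Review bot: On the `username` line, "(if any)" does not say what the field holds when the identity has no username, whereas the `profile` line above documents "or null". State the absent value the same way so apps know what to check for before trusting or displaying the field. The comment could also capitalize "Blockstack" to match the prose.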
