Yen.io login suggestion

petersaddington

#1

Here is my first, and I hope not the last, post in the Pub :grin:

Let’s preach by example:

As mentioned in yesterday’s live stream chat, I was suggesting to preach by example, and why not use a blockchain-based Login ID solution, made possible on the Digibyte blockchain using the Digi-ID solution!! And of course this is not the only login possibility, but one of them, like the Pub lets you log in by Email, or Facebook or Patreon.

It’s a secure and easy way to log in to any website using the Digi-ID, by using the Digibyte wallet (Android or iPhone) and by scanning a generated QR code from the login page and securely confirming the process on your phone, by fingerprint or PIN code.

I am not gonna lie to you guys, I am a big fan of Digibyte and beside Bitcoin it’s the only UTXO coin I believe in, and by trying this solution I think it’s the future of security.

And, from a pragmatic side, the Digibyte community is huge, and they are really active on social networks, like Twitter or Reddit; having them on board is a win for Yen.io and good marketing in my humble opinion.

Here is a look at how it works and all the links for documentation, samples and implementation solutions:

Digi-ID Integration guide

Guidelines for incorporating Digi-ID into your platform

Digi-ID is an open protocol that allows for fast, simple and yet incredibly secure authentication based on the DigiByte Blockchain. Digi-ID utilizes public key cryptography much in the same way keyless SSH access works, just with a user-friendly wrapper around it.

Specification

Prior to being given access to a secure / restricted area of a website or service, the user will be shown a QR code, potentially alongside existing authentication methods:

The QR code contains:

digiid://www.website.com/callback?x=NONCE

digiid is the protocol scheme used to trigger mobile applications when tapped

www.website.com/callback is the callback URL. https is strongly recommended.

x=NONCE is the nonce, which must always be unique and will be linked to the user’s session ID

http is only accepted with “&u=1” appended to the callback URL, however this is only recommended during development / testing and should not be used in production environments. Digi-ID is not a substitute for SSL encryption.

Once the QR code is scanned by the user in the Digi-ID authenticator or DigiByte Wallet, the user will be prompted to confirm authentication for the target service.

The user will then enter their unique PIN or scan their fingerprint to confirm. They will be prompted with a dialog box or toast message indicating success or an error message if applicable.

The server verifies the signature validity, then allows the user access to the authenticated session. Only the user’s public key needs to be kept on the server; additional information can naturally be stored alongside as needed, but everything else is optional from an authentication perspective.

The server should also have a timeout for the nonce validity in order to prevent replay attacks.

Do you have a sample / demonstration website available?

Yes, you can try out Digi-ID here.

Is there a sample PHP library to help me integrate Digi-ID?

Yes, it’s available at GitHub.

Is there a sample Javascript library to help me integrate Digi-ID?

Yes, it is available here.

PS: little note to @peter, my name is “Heb”, no need to cut it like a company name “h-e-b” loooll
it’s all about love brother and thanks a lot for taking the time to listen to us !! peaaacceee !!
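
The nonce handling described in the guide above, as an added Python example (not from the post or from the Digi-ID libraries): it issues the QR-code URI bound to a session, then rejects callbacks with a foreign URI, the development-only u=1 flag, or a reused or expired nonce. The callback field names (uri, identity, signature), the 300-second timeout and the verify_signature hook are assumptions; the actual signature check is left to that hook.

```python
import secrets
import time
from urllib.parse import urlsplit, parse_qs

CALLBACK = "www.website.com/callback"  # host + path from the guide's example URI
NONCE_TTL = 300                        # seconds; assumed, the guide only asks for "a timeout"


class DigiIdLogin:
    def __init__(self, verify_signature, allow_http=False, clock=time.time):
        # Hypothetical hook: (uri, identity, signature) -> bool
        self.verify_signature = verify_signature
        self.allow_http = allow_http   # True only in development / testing
        self.clock = clock
        self.pending = {}              # nonce -> (session_id, issued_at)
        self.sessions = {}             # session_id -> authenticated identity

    def challenge(self, session_id):
        """Build the URI that goes into the QR code for this session."""
        nonce = secrets.token_hex(16)  # unique and unpredictable per request
        self.pending[nonce] = (session_id, self.clock())
        suffix = "&u=1" if self.allow_http else ""
        return f"digiid://{CALLBACK}?x={nonce}{suffix}"

    def callback(self, uri, identity, signature):
        """Validate the wallet's response; returns (ok, reason)."""
        parts = urlsplit(uri)
        query = parse_qs(parts.query)
        if parts.scheme != "digiid" or parts.netloc + parts.path != CALLBACK:
            return False, "wrong callback URI"
        if query.get("u") == ["1"] and not self.allow_http:
            return False, "http flag not allowed in production"
        nonce = (query.get("x") or [""])[0]
        # pop(): a nonce is consumed by the first attempt, so it cannot be replayed
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return False, "unknown or already used nonce"
        session_id, issued_at = entry
        if self.clock() - issued_at > NONCE_TTL:
            return False, "nonce expired"
        if not self.verify_signature(uri, identity, signature):
            return False, "bad signature"
        self.sessions[session_id] = identity  # session is now authenticated
        return True, "ok"
```
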


#2

Off topic but I wish the word nonce wasn’t brought into blockchain :weary: really not a nice thing to call someone in the UK haha


#3

Just in case videos are better words than words loool