LinuxForHealth / connect-r-and-d

Linux For Health Connectors for Inbound Data Processing
Apache License 2.0

DID authentication for Kong API #229

Open jonathan-consensysHealth opened 4 years ago

jonathan-consensysHealth commented 4 years ago

I as an end-user can authenticate to the KONG API using a cryptographically signed payload.

  1. Present a QR code to the end-user.

  2. The end-user scans the QR code and consumes the content, parsing the openID: section for the nonce and callback.

  3. The end-user signs the nonce.

  4. The end-user device sends the signed nonce to the callback.

  5. The KONG API receives the signed challenge (nonce).

  6. The KONG API parses the JWT.

  7. The KONG API fetches the public key associated with the KID in the JWT.

  8. The KONG API validates the signature.

  9. The KONG API creates a token (i.e. a Bearer token) and stores it in the DB including a TTL, and this is sharable with all backends.

Additional steps would be to request additional verifiable credentials or claims to identify the end-user (i.e. verifiable credentials for name, and why they should have access).
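The challenge/response flow in steps 1 to 9, as an added example that is not part of this issue or the connect-r-and-d project: Ed25519 keys, an in-memory map standing in for DID key resolution, and a compact JWS with the kid in its header are all assumptions made here. The verifier pins the algorithm rather than reading it from the token, treats each nonce as single use with a short expiry, and only mints a bearer token after signature and nonce checks pass.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)
var b64 = base64.RawURLEncoding
// Constructed API state: kid -> public key (what DID resolution would return) and outstanding single-use nonces.
var (
	keyDir  = map[string]ed25519.PublicKey{}
	pending = map[string]time.Time{}
)
func randStr(n int) string { b := make([]byte, n); rand.Read(b); return b64.EncodeToString(b) }
// IssueChallenge is the content the QR code carries: a fresh nonce with a short lifetime.
func IssueChallenge(now time.Time) string {
	n := randStr(16)
	pending[n] = now.Add(2 * time.Minute)
	return n
}
// SignChallenge is the device step: a compact JWS over {"nonce":...} with the kid in the header.
func SignChallenge(priv ed25519.PrivateKey, kid, nonce string) string {
	h, _ := json.Marshal(map[string]string{"alg": "EdDSA", "kid": kid})
	p, _ := json.Marshal(map[string]string{"nonce": nonce})
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input)))
}
// VerifyCallback is the API step: parse the JWT, fetch the key for its kid, verify the signature, consume the nonce, mint a bearer token.
func VerifyCallback(jwt string, now time.Time) (string, error) {
	parts := strings.Split(jwt, ".")
	dec := func(s string) []byte { b, err := b64.DecodeString(s); if err != nil { return nil }; return b }
	var hdr, body struct{ Alg, Kid, Nonce string }
	if len(parts) != 3 || json.Unmarshal(dec(parts[0]), &hdr) != nil || json.Unmarshal(dec(parts[1]), &body) != nil {
		return "", errors.New("malformed JWT")
	}
	pub, ok := keyDir[hdr.Kid] // kid only selects a key; alg is pinned, never trusted from the token
	if !ok || hdr.Alg != "EdDSA" || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), dec(parts[2])) {
		return "", errors.New("unknown kid or bad signature")
	}
	if exp, live := pending[body.Nonce]; !live || now.After(exp) {
		return "", errors.New("nonce unknown, already used or expired")
	}
	delete(pending, body.Nonce) // single use, so a replayed callback fails the check above
	return randStr(32), nil     // bearer token; the API would store it in the DB with its TTL
}
```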

ccorley commented 4 years ago

related to #142

jonathan-consensysHealth commented 4 years ago

Yes, although first there is authentication, then exchange of verifiable credentials, then authorization, then performing additional actions such as storing a release of information as a signed payload, which could be a verifiable credential. I'll try to include the flow diagrams soon to flesh it all out.