MattyIce / steem-keychain

A wallet browser extension for the Steem blockchain and cryptocurrency
MIT License

Verifying user identity on server side #110

Closed BartolomeoItaliano closed 5 years ago

BartolomeoItaliano commented 5 years ago

Hi, I need to verify user identity on the server side. Does Keychain provide such an option, or can I request it?

Keychain could just provide me with a JSON (containing the user name and the date of encryption) encrypted with the private posting key; this way I could easily authorize the user with new functionalities.

I will then send this encrypted data to my server and decrypt it on the server side with his public posting key from the blockchain.

I think providing me with such information would be 100% safe for the user and would massively extend Keychain's functionality.

roelandp commented 5 years ago

Not sure what your use case is, but here is how you could implement server-side cross-check verification:

  1. Generate a unique id on your server for the login (verification) attempt.
  2. Have the user sign it using "Steem Keychain".
  3. Verify the signature server side.

The point of having Keychain is that the user has a local wallet, keeps his keys private all the time and decides client-side whenever transactions should be signed / executed. This is the whole point.

If you want to ask users to (basically) give you their Posting_private_key, you can just ask them for it; however, it would be a potential security threat.

Another way to perform actions on behalf of the user, while keeping them in "somewhat" control, is using the requestAddAccountAuthority feature, where your "App" asks to be a "co-signer" of the user's account for the "Posting" or "Active" key. This way your app can execute tasks on behalf of the user without the user giving it the actual key. Your app will then become an "account_auth". The user can at any time remove the "authorization" of your account.

BartolomeoItaliano commented 5 years ago

I resolved it:

  1. Send the Steem account name to your server.
  2. Generate a JWT on the server.
  3. Encrypt the JWT on the server side with the user's public memo key.
  4. Send the encrypted JWT to the browser client.
  5. Use Keychain to decrypt the encrypted JWT.
  6. Use the JWT obtained this way.

tiotdev commented 5 years ago

It's actually much easier with https://github.com/bonustrack/steemconnect.js. It's not documented very well, but the login() function supports logging in with Keychain (the default if installed) as well as with Steemconnect, and returns the same JWT that can be verified with the me() call from steemconnect-js on the server side.