Closed BartolomeoItaliano closed 5 years ago
Not sure what your usecase is, but here is how you could implement server side cross check verification:
The point of having keychain is that the user has a local wallet, keeping his keys private all the time and decide clientside whenever transactions should be signed / executed. This is the whole point.
If you want to ask users to (basically) give them their Posting_private_key you can just ask them for it, however it would be a potential security threat.
Another way to perform actions on behalf of the user, while keeping them in "somewhat" control is using the requestAddAccountAuthority
feature, where your "App" is asked to be "co-signer" of the user's account for the "Posting" or "Active" key. This way your app can executed tasks on behalf of the user, without the user giving them the actual key. Your app will then become an "account_auth". The user can add any time remove the "authorization" of your account.
I resolved it:
It's actually much easier with https://github.com/bonustrack/steemconnect.js. It's not documented very well, but the login() function supports logging in with Keychain (default if installed) as well as with Steemconnect and returns the same JWT that can be verified with the me() call from steemconnect-js on the server-side
Hi, I need to verify user identity on server side, does keychain provide such an option? Or can I request for it?
Keychain could just provide me with encrypted with private posting key JSON with user name and date of encryption this way I could easily authorize user with new functionalities.
I will then send this encrypted data to my server and decrypt data on server side with his public posting key from blockchain .
I think providing me with such information would be 100% safe for user and will masively extend keychain functionality.