The current user authentication is flawed. To authenticate, a user:
logs into Gaspar
gets a signature from the auth-server on their ID and the master chain ID
However:
there is no timeout, so anybody could take this signature and just forge any message they want to
the messages sent to the service-api are not signed in any way, so the leader can change them at will
Proposed fix for the authentication:
When a user authenticates, they create an ephemeral keypair and send the ephemeral public key to the authentication server
The authentication server checks with Gaspar that the user is who they claim to be
The authentication server creates a certificate by signing the ephemeral public key, together with a timestamp
This certificate is only valid for a given timeframe (30 minutes? 1 hour?)
Whenever the user wants to call the service-api, they sign the whole message including all the data with their ephemeral private key and add the certificate of the authentication server
The backend verifies the validity of the certificate by verifying the signature and the timestamp, then uses the public key in the certificate to verify the message from the user
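
The proposed flow from certificate issuance to backend verification, as an added example (not code from this project). Ed25519, the 30-minute lifetime, the `UserID` field, the certificate byte layout and all names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"time"
)

const certLifetime = 30 * time.Minute // assumed; the proposal leaves 30 min vs 1 h open

type Cert struct { // issued by the auth server after the Gaspar check; layout assumed
	UserID   uint32
	EphPub   ed25519.PublicKey
	IssuedAt int64  // Unix seconds
	Sig      []byte // auth-server signature over certBytes
}

func certBytes(c Cert) []byte { // fixed-width fields first, so the encoding is unambiguous
	b := binary.BigEndian.AppendUint64(nil, uint64(c.IssuedAt))
	return append(binary.BigEndian.AppendUint32(b, c.UserID), c.EphPub...)
}

func Issue(authPriv ed25519.PrivateKey, id uint32, eph ed25519.PublicKey, now time.Time) Cert {
	c := Cert{UserID: id, EphPub: eph, IssuedAt: now.Unix()}
	c.Sig = ed25519.Sign(authPriv, certBytes(c))
	return c
}

// Verify is the backend check: certificate signature, validity window, then message signature.
func Verify(authPub ed25519.PublicKey, c Cert, msg, msgSig []byte, now time.Time) error {
	switch issued := time.Unix(c.IssuedAt, 0); {
	case len(c.EphPub) != ed25519.PublicKeySize || !ed25519.Verify(authPub, certBytes(c), c.Sig):
		return fmt.Errorf("certificate not signed by the authentication server")
	case now.Before(issued) || now.After(issued.Add(certLifetime)):
		return fmt.Errorf("certificate outside its validity window")
	case !ed25519.Verify(c.EphPub, msg, msgSig):
		return fmt.Errorf("message not signed by the certified ephemeral key")
	}
	return nil
}

func main() { // constructed demo values
	authPub, authPriv, _ := ed25519.GenerateKey(nil)
	ephPub, ephPriv, _ := ed25519.GenerateKey(nil)
	now, msg := time.Now(), []byte("constructed request body")
	cert, sig := Issue(authPriv, 1234, ephPub, now), ed25519.Sign(ephPriv, msg)
	fmt.Println("fresh:", Verify(authPub, cert, msg, sig, now))
	fmt.Println("2h later:", Verify(authPub, cert, msg, sig, now.Add(2*time.Hour)))
}
```

Because the timestamp is covered by the authentication server's signature, changing `IssuedAt` to extend the window invalidates the certificate.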