This is a auth package written to replace the built in auth package very easily. The log in uses DID signatures to verify that the user. For more info on the protocol check out: https://www.kilt.io/.
When a user signs in they are given a random key to sign. This is also saved in a session. When the user sends back the signed key they also send their DID. The DID, signed key and key from the session are used to check if the signature is valid and the verify the DID ownership.
This is a auth package written to replace the built in auth package very easily. The log in uses DID signatures to verify that the user. For more info on the protocol check out: https://www.kilt.io/.
When a user signs in they are given a random key to sign. This is also saved in a session. When the user sends back the signed key they also send their DID. The DID, signed key and key from the session are used to check if the signature is valid and the verify the DID ownership.