shivam017arora / Passwordless

Passwordless Authentication using Zero Knowledge Proof
MIT License

Features #1

Open shivam017arora opened 1 year ago

shivam017arora commented 1 year ago

Screens

Validation

shivam017arora commented 1 year ago

Backend:

  1. Custodial Wallet Generation (Optional / FLOW only):

    • API Endpoint: Generate a custodial wallet for an issuer based on their email and password.
    • Store the private and public key pair in MongoDB.
  2. Issuer Sign Up API:

    • API Endpoint: Handle the signing up of an issuer by saving their public key and associated metadata in MongoDB.
    • Output: Return an encrypted password for the issuer.
  3. Sign Up Button Integration API (3rd party app):

    • API Endpoint: Validate the issuer's existence by checking MongoDB using the public key and signature.
    • Output: Return a QR code image containing the encoded public key and metadata for the 3rd party app to invoke the ZK server callback.
  4. ZK Server API for Sign Up Button Integration:

    • API Endpoint: Receive the QR code image from the 3rd party app and extract the encoded public key and metadata.
    • Validate that the domain public key and encrypted password match the record.
    • Save the message with the mobile app user's public key.
    • Output: Return a successful response (HTTP 200) indicating the message is saved.
  5. Sign In Button Integration API (3rd party app):

    • API Endpoint: Receive the QR code image (encrypted secret) from the ZK phone.
    • Use ZK proofs to verify the encrypted secret and authenticate the user.
    • Output: Return the transaction hash (tx) as a response.
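
An added example, not part of the original issue or the project's code: one way the validation step of the Sign Up Button Integration API in item 3 (look up the issuer by public key, then check the signature) could work in Node.js. The Ed25519 keys, the `domain|timestamp|nonce` message layout, the 60-second freshness window, the in-memory `Map` standing in for MongoDB and all function names are assumptions.

```javascript
// Added example, not the project's code. Assumptions: Ed25519 keys, a signed
// "domain|timestamp|nonce" message, a 60 s window, a Map in place of MongoDB.
const crypto = require('node:crypto');

const MAX_SKEW_MS = 60_000;
const issuers = new Map();      // publicKeyPem -> { domain }, stand-in for the issuer collection
const seenMessages = new Set(); // accepted messages, kept to reject replays

function registerIssuer(publicKeyPem, domain) {
  issuers.set(publicKeyPem, { domain });
}

// Issuer side: sign a fresh message with the private key.
function signRequest(privateKey, domain, now = Date.now()) {
  const message = `${domain}|${now}|${crypto.randomBytes(16).toString('hex')}`;
  const signature = crypto.sign(null, Buffer.from(message), privateKey).toString('base64');
  return { message, signature };
}

// Server side: look the key up first, then check domain, freshness, signature, replay.
function validateIssuer(publicKeyPem, message, signature, now = Date.now()) {
  const record = issuers.get(publicKeyPem);
  if (!record) return { ok: false, reason: 'unknown issuer' };
  const [domain, ts] = String(message).split('|');
  if (domain !== record.domain) return { ok: false, reason: 'domain mismatch' };
  const sentAt = Number(ts);
  if (!Number.isFinite(sentAt) || Math.abs(now - sentAt) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale request' };
  }
  let valid = false;
  try {
    valid = crypto.verify(null, Buffer.from(message), publicKeyPem,
      Buffer.from(String(signature), 'base64'));
  } catch {
    valid = false; // a malformed key or signature counts as a failed check
  }
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (seenMessages.has(message)) return { ok: false, reason: 'replayed request' };
  seenMessages.add(message);
  return { ok: true, domain: record.domain };
}

// Constructed sample data: a throwaway key pair for a made-up issuer domain.
const demoKeys = crypto.generateKeyPairSync('ed25519');
const demoPem = demoKeys.publicKey.export({ type: 'spki', format: 'pem' });
registerIssuer(demoPem, 'issuer.example');
const demoReq = signRequest(demoKeys.privateKey, 'issuer.example');
console.log(validateIssuer(demoPem, demoReq.message, demoReq.signature)); // accepted
console.log(validateIssuer(demoPem, demoReq.message, demoReq.signature)); // same message again
```

The sketch stops at validation; building the QR code that the endpoint returns is not covered.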
shivam017arora commented 1 year ago

Mobile:

  1. Sign Up: Scan the QR code, generate a random DID, encrypt it with the publicKey received from the QR code, and send a request to the ZK Auth Server.
  2. Sign In: Scan QR Code, generate a proof for having the DID and then send the proof to the blockchain.

Screens:

  1. DIDs (list to see active, option to delete)
  2. SCAN
  3. Settings