stacksgov / sips

Community-submitted Stacks Improvement Proposals (SIPs)
131 stars 80 forks

SIP for Authentication Protocol #50

Open friedger opened 2 years ago

friedger commented 2 years ago

This SIP defines an authentication protocol used by Stacks apps.

The current version has (hopefully) all the required information about the protocol as it is currently used.

I changed three properties of the auth response: hubUrl -> hub_url, associationToken -> association_token and profile.stxAddress -> stx_address.

I added state to the auth messages as defined in OAuth 2.0.

It is recommended to use did:stacks:v2 instead of did:btc-addr

For the public profile, this spec uses the Verifiable Credential model. The VC spec was chosen because it now has W3C Recommendation status.

friedger commented 2 years ago

After the description of the current protocol 1.3.1, I have updated the spec to 2.0.0 in https://github.com/stacksgov/sips/pull/50/commits/7b35de622fceae1d7d31634985cfcc5ee5115f14 using verifiable credentials and a better definition of the issuers.

aulneau commented 1 year ago

I'm in the process of building a new library that implements this SIP in micro-stacks and I have a few questions:

In the auth request area:

manifest_uri: is this required anymore? I don't think we need it. Can you describe use cases for this?

redirect_uri: this is also not used anymore in the context of extension/native based wallets. This seems to be a holdover from early Blockstack days.

In the auth response section:

core_token: is this needed? I don't think anything uses this, nor generates a token for it.

email: wouldn't this be better in some profile? Nothing uses this to date.