You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/core-concepts/proof-service/authservice.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,17 +3,17 @@ id: as-intro
3
3
title: Web3 Auth, Auth Service
4
4
sidebar_position: 2
5
5
---
6
-
As we already built up the connection between avatar and [other identities](core-concepts/proof-service/ps-intro#supported-platform). The idea of letting DApps have its own version of "Sign-in with Google/Twitter" came out naturally. Auth Service is designed to help DApps realize this capability.
6
+
As we already built up the connection between avatar and [other identities](https://github.com/NextDotID/proof_server#supported). The idea of letting DApps have its own version of "Sign-in with Google/Twitter" came out naturally. Auth Service is designed to help DApps realize this capability.
When a DApp initiates an authorization process, it must specify an `AuthService` instance (We strongly recommend to self-host one) to carry out the authentication. (step 2)
15
15
16
-
`AuthService` begins by authenticating the identity using third-party platforms (e.g., Twitter ID).
16
+
`AuthService` begins by authenticating the identity using third-party platforms (e.g., Twitter ID).
17
17
Once authenticated, `AuthService` queries the [ProofService](./ps-intro) to check the binding avatar result of this identity. (step 3-4)
18
18
19
19
If the authenticated identity is associated with an Avatar, and this Avatar aligns with one of the pre-configured Avatars in `AuthService`, then `AuthService` grants the DApp permission to use the Avatar as its identity for a set experimental duration. (step 5-6)
@@ -28,8 +28,8 @@ The process concludes by redirecting to the DApp with the following parameters(s
28
28
5.`subkey_cert_sig` (string, required): Subkey certification signature signed by Avatar, encoded in Base58.
29
29
6.`sig` (string, required): Signature of `avatar=${avatar}\nredirect_uri={redirect_uri}\nexpired_at=${expired_at}\nstate=${state}` singed by Subkey, encoded in Base58.
30
30
31
-
### Configuration
32
-
Understanding how it operates, the preliminary step before launching an instance of `Auth Service` is to prepare a configuration file.There are three parts.
31
+
### Configuration
32
+
Understanding how it operates, the preliminary step before launching an instance of `Auth Service` is to prepare a configuration file.There are three parts.
33
33
34
34
#### The Avatar and a subkey that is signed by the avatar:
35
35
In the configuration, the list of avatars represents the identity that can be authenticated by this instance of `AuthService`. The private key is used to sign ta message, proving the ownership of the avatar. We strongly recommend using a subkey that is signed by the avatar instead of the avatar itself in the configuration. For enhanced security, it's advisable to generate a unique subkey for specific cases. This not only tailors the security to the situation but also minimizes the risk of exposing the avatar's private key.
Copy file name to clipboardExpand all lines: docs/core-concepts/proof-service/intro.md
+13-12Lines changed: 13 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ sidebar_position: 1
8
8
9
9
10
10
11
-
## How to build the connection
11
+
## How to build the connection
12
12
13
13
### Work Flow
14
14
Use Twitter platform as an example to explain how to use `ProofService` to build a bi-directional binding between a Twitter account and an avatar:
@@ -18,7 +18,7 @@ Use Twitter platform as an example to explain how to use `ProofService` to build
18
18
```
19
19
Struct SignaturePayload {
20
20
action: Action, // create/delete, refer to bind/unbind
21
-
created_at: number, // timestamp
21
+
created_at: number, // timestamp
22
22
platform: Platform;
23
23
identity: string;
24
24
prev :null | string, //the previous create/delete operation signature related to this avatar
@@ -34,11 +34,11 @@ Basically, the generic idea is to prove that the Avatar and another identity bel
34
34
35
35
### Data Structure
36
36
37
-
After the binding, ProofService will use a blockchain-like model called ProofChain to record of "Avatar <-> Identity" connection(we called Proof) and save it in both the ProofService side and upload it to Arweave. The definitions of the proof and proofchain are as the followings.
37
+
After the binding, ProofService will use a blockchain-like model called ProofChain to record of `Avatar <-> Identity` connection(we called Proof) and save it in both the ProofService side and upload it to Arweave. The definitions of the proof and proofchain are as the followings.
38
38
39
39
#### Proof
40
40
41
-
The definition of the proof contains all the necessary information between the connection of "Avatar <-> Identity", contains the operation type that is binding or dismiss, which platform and identity, timestamp, signature by the avatar...
41
+
The definition of the proof contains all the necessary information between the connection of `Avatar <-> Identity`, contains the operation type that is binding or dismiss, which platform and identity, timestamp, signature by the avatar...
42
42
The structure is definied as:
43
43
44
44
```
@@ -62,24 +62,24 @@ interface Proof {
62
62
// If this is genesis link, leave it null; else, it equals
63
63
// previous link's signature. Worked as a pointer.
64
64
prev: Signature | null;
65
-
65
+
66
66
avatar: String;
67
67
action: Action;
68
68
platform: Platform;
69
69
identity: string;
70
-
70
+
71
71
// if action === Action.create, it shouldn't be empty(except ethereum); else, left null
72
72
proof_location: string | null;
73
-
73
+
74
74
// UNIX timestamp (unit: second)
75
75
created_at: number;
76
-
76
+
77
77
// An UUID of this link, works as a global identifier.
78
78
uuid: string;
79
-
79
+
80
80
// See the definition above
81
81
signature_payload: SignaturePayload;
82
-
82
+
83
83
// Signature of this link made by avatar.
84
84
signature: Signature;
85
85
}
@@ -104,10 +104,11 @@ From day one, the connection data in Proof Service to public so that everyone ca
104
104
[API docs](../../rest-api/kvservice-api.md)
105
105
[An example of data in Arweave](https://viewblock.io/arweave/tx/wvzDhXgcglrUWob9CUjTfJ6tj322eCWDKI2bVtU_cx4)
106
106
107
-
Noted that the APIs in the docs contain the API to help bind "Avatar <-> Identity", like `POST /v1/proof/payload` or `POST /v1/proof`, but also serval APIs to query the state of the [proofs](https://github.com/NextDotID/proof_server/blob/develop/docs/api.apib#L160) and [the proofchain under an avatar](https://github.com/NextDotID/proof_server/blob/develop/docs/api.apib#L285).
107
+
Noted that the APIs in the docs contain the API to help bind `Avatar <-> Identity`, like `POST /v1/proof/payload` or `POST /v1/proof`, but also serval APIs to query the state of the [proofs](https://github.com/NextDotID/proof_server/blob/develop/docs/api.apib#L160) and [the proofchain under an avatar](https://github.com/NextDotID/proof_server/blob/develop/docs/api.apib#L285).
108
108
The Arweave example contains the single Proof record and based on the mechanism of Arweave, can keep getting the previous record until Genesis one.
Copy file name to clipboardExpand all lines: docs/core-concepts/relation-service/intro.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ sidebar_position: 1
6
6
7
7
In the preceding chapter, we discussed how to construct an identity graph using `ProofService`. Besides ProofService, there are several other data sources both on-chain and off-chain offering similar connections.`RelationService` aggregates the existing identities from ProofService and the other protocol whose identities are bound to and in parallel to Next.ID, structure the identities with the graph database and finally provide to the public via GraphQL. Hope to open up a range of possibilities for integration with external protocols and build a more comprehensive identity graph.
8
8
9
-
`RelationService` aggregates and indexes the other third-party "identity <-> identity" connections from the data source to enrich the identity graph:
9
+
`RelationService` aggregates and indexes the other third-party `identity <-> identity` connections from the data source to enrich the identity graph:
In this scenario, User requests for a modification on an Application. `KVService` will return the `sign_payload` based on the Application’s `POST /v1/KV/payload`.
0 commit comments