Created on 23rd January 2022
•
Simply login with your crypto wallet.
No external passwords to remember.
Privacy is controlled as all your data is linked only to the wallet address, not any social profiles.
User sends the wallet address → server, server generates a message that will be signed by the wallet.
The wallet then signs the message, the signature along with the wallet address is sent to the server.
Using decrypting functions, the signature & the message is used to obtain the public key.
This public key is used to derive the address, and the resulting address is then compared to the address received by the server.
The above concepts are utilized to generate authentication states for users & the aim is to build a firebase/auth0 like SaaS providing decentralized login services.
Ensuring that the nonce generated is truly random, we decided to implement the nonce generation on the server and then send it to the user rather than generating it on the client.
Earlier, the length of the generated nonce was smaller than 65bytes, thereby causing errors in the ethers library when decrypting the hashed signature, fixed that by appending the nonce to a user-welcome message.
As far as architectural challenges are concerned, the decision has been to go with redis over traditional sql based databases.