User visits a new website that requires authentication from a wallet.
- Website displays a QR code or deep link for auth
- User scans the QR code or is redirected to the wallet
- User approves prompt for auth in wallet
- User returns to website after prompt success
- Website is now authenticated with signed message
User returns to a previously visited website before authentication expiry
- Website checks if user is authenticated from local storage
- Website is now authenticated with signed message
User returns to a previously visited website after authentication expiry
- Website checks if user is authenticated from local storage
- Website sends new request to previously paired wallet
- User is prompted/redirected to wallet
- User approves prompt for auth in wallet
- User returns to website after prompt success
- Website is now authenticated with signed message
A creates random symKey S for pairing topic.
Pairing topic is the hash of symKey S.
A generates keyPair X and generates response topic.
Response topic is the hash of publicKey X.
A will construct an authentication request.
A encrypts request with symKey S.
A publishes encrypted request to topic.
A starts polling messages on response topic.
B subscribes to pairing topic from provided URI.
B receives request and decrypts it with symKey S from URI.
B constructs message to be signed from request and signs it.
B generates keyPair Y and generates shared symKey R.
B encrypts response with symKey R as type 1 envelope.
B sends response on response topic.
A receives response and validates signature.
A stops polling messages on response topic.
If signature is valid, then user is authenticated.
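
The key and topic handling in the steps above, as an added example (not code from the original page or the protocol's authors). It covers topic derivation and the two encrypted envelopes only; the signed message is a placeholder and signature validation is not modeled. Assumptions not stated on the page: SHA-256 for topics, X25519 with HKDF-SHA256 for symKey R, ChaCha20-Poly1305 for encryption, the envelope byte layout, and a request that carries publicKey X in a hypothetical `requester` field.

```javascript
const crypto = require("crypto");
// Assumed primitives (not stated on the page): SHA-256 topics, X25519
// key agreement, HKDF-SHA256, ChaCha20-Poly1305 (12-byte IV, 16-byte tag).
const sha256Hex = (buf) => crypto.createHash("sha256").update(buf).digest("hex");
const SPKI_PREFIX = Buffer.from("302a300506032b656e032100", "hex"); // X25519 SPKI header
const rawPub = (keyObj) => keyObj.export({ type: "spki", format: "der" }).subarray(-32);
const pubFromRaw = (raw) =>
  crypto.createPublicKey({ key: Buffer.concat([SPKI_PREFIX, raw]), format: "der", type: "spki" });

function deriveSymKey(privateKey, peerRawPub) {
  const shared = crypto.diffieHellman({ privateKey, publicKey: pubFromRaw(peerRawPub) });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), Buffer.alloc(0), 32));
}

function seal(symKey, plaintext, senderRawPub) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("chacha20-poly1305", symKey, iv, { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final(), c.getAuthTag()]);
  // Assumed layout: type 0 = key already shared; type 1 = sender public key included.
  const head = senderRawPub ? [Buffer.from([1]), senderRawPub] : [Buffer.from([0])];
  return Buffer.concat([...head, iv, body]);
}

function open(envelope, resolveKey) {
  const type = envelope[0];
  if (type !== 0 && type !== 1) throw new Error("unknown envelope type");
  const off = type === 1 ? 33 : 1;
  const symKey = resolveKey(type === 1 ? envelope.subarray(1, 33) : null);
  const d = crypto.createDecipheriv("chacha20-poly1305", symKey, envelope.subarray(off, off + 12), { authTagLength: 16 });
  d.setAuthTag(envelope.subarray(-16)); // a modified envelope fails in d.final()
  return Buffer.concat([d.update(envelope.subarray(off + 12, -16)), d.final()]).toString("utf8");
}

function runExchange() {
  // A: symKey S -> pairing topic; keyPair X -> response topic.
  const S = crypto.randomBytes(32);
  const X = crypto.generateKeyPairSync("x25519");
  const pubX = rawPub(X.publicKey);
  const pairingTopic = sha256Hex(S), responseTopic = sha256Hex(pubX);
  const request = seal(S, JSON.stringify({ requester: pubX.toString("hex"), nonce: "constructed" }));
  // B: decrypts with S from the URI, generates keyPair Y, derives shared symKey R.
  const req = JSON.parse(open(request, () => S));
  const Y = crypto.generateKeyPairSync("x25519");
  const R = deriveSymKey(Y.privateKey, Buffer.from(req.requester, "hex"));
  const response = seal(R, "signed-message-placeholder", rawPub(Y.publicKey));
  // A: reads Y's public key from the type 1 envelope and derives the same R.
  const plaintext = open(response, (pubY) => deriveSymKey(X.privateKey, pubY));
  return { pairingTopic, responseTopic, plaintext, S, pubX, response };
}
```

Because symKey S travels in the URI, anyone who sees the URI can compute the pairing topic and decrypt the request; the response is protected by R, which requires the private half of X or Y.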