Authentication for Environment
Keeps users in separate environment(s). Role management with credentials to deploy projects.
Immutable sensitive information
User attributes - things that are stored only in attributes
Only a stored encrypted private key - no table storage
Authenticated backend API - only your team can make calls to the backend
JSON Web Tokens and Keys
For verification and validation of user information for login to your app, we leverage JSON Web Tokens (JWT) and JSON Web Keys (JWK).
We do not store any of this user information in a database, which allows us to cut down on rewrites and overall lookups.
Here is an explainer on what a JWT is:
JSON Web Token (JWT) is a compact, URL-safe means of representing
claims to be transferred between two parties. The claims in a JWT
are encoded as a JSON object that is used as the payload of a JSON
Web Signature (JWS) structure or as the plaintext of a JSON Web
Encryption (JWE) structure, enabling the claims to be digitally
signed or integrity protected with a Message Authentication Code
(MAC) and/or encrypted.
Chainstarters uses the JWT as a packet for user information created for authentication.
Here is the user information that we verify using the JWT:
This information comes packaged in an authorization header in order to validate and verify that the user can use the application in the environment selected.
wallet_address is a crypto value. For more on how we use blockchain, please read the blockchain section.
Here is an explainer on what a JWK is:
structure that represents a cryptographic key. This specification
also defines a JWK Set JSON data structure that represents a set of
JWKs. Cryptographic algorithms and identifiers for use with this
specification are described in the separate JSON Web Algorithms (JWA)
specification and IANA registries established by that specification.
We use the JWK to encrypt the user information that we store and send as a JWT to the authorization header. The process only decodes the user information for the moment that we submit for validation.
Like the JWT, when validation occurs, we do a quick decode to send the user packet to the auth header. For this process, we use jwk-to-pem to convert the JWK to a PEM file.
This takes the guesswork out of authentication at the environment level, allowing you to get into development quickly!
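The JWK-to-PEM conversion and token check described above, as an added example (not Chainstarters' own code). It assumes an RS256-signed token and uses Node's built-in crypto module in place of jwk-to-pem for the conversion. The key pair, the helper names and every claim value are constructed for illustration; only the wallet_address field name comes from this page.

```javascript
const crypto = require('node:crypto');

// Constructed key pair standing in for the environment's signing key (assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const jwk = publicKey.export({ format: 'jwk' }); // public JWK: { kty, n, e }

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Issue a constructed RS256 token so the example runs offline.
function signToken(claims, key = privateKey) {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url');
  return `${input}.${sig}`;
}

// JWK -> PEM (the step jwk-to-pem performs), done here with Node's built-in crypto.
function jwkToPem(key) {
  return crypto.createPublicKey({ key, format: 'jwk' }).export({ type: 'spki', format: 'pem' });
}

// Verify the bearer token from an Authorization header and return its claims.
function verifyAuthHeader(headerValue, key, now = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!match) throw new Error('malformed Authorization header');
  const [, h, p, s] = match;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token must not choose it ("none", HS256 key confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  const ok = crypto.verify('RSA-SHA256', signed, jwkToPem(key), Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Parse and trust the claims only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Constructed claims; only the wallet_address field name comes from the page.
const sample = { wallet_address: '0xCONSTRUCTED', exp: Math.floor(Date.now() / 1000) + 300 };
console.log(verifyAuthHeader(`Bearer ${signToken(sample)}`, jwk).wallet_address);
```

The base64url decode on its own proves nothing about who issued the token; the claims are returned only after the signature, the pinned algorithm and the expiry have all passed.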