Legacy Authentication
  • 09 Jul 2021

Authentication for Environment

Keeps users in separate environments, with role management and credentials for deploying projects.

Why Cognito

  • Immutable sensitive information
  • User attributes: user data is stored only as attributes
  • Only a stored encrypted private key, no table storage
  • Authenticated backend API: only your team can make calls to the backend


JSON Web Tokens and Keys

For verification and validation of user information for login to your app, we leverage JSON Web Tokens (JWT) and JSON Web Keys (JWK).

We do not store any of this user information in a database; this cuts down on rewrites and on overall lookups.


Here is an explainer on what a JWT is, from the abstract of RFC 7519:

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

Chainstarters uses the JWT as a packet for user information created for authentication.

Here is the user information that we verify using the JWT:

  • aws_user_id
  • email
  • given_name (first name)
  • family_name (last name)
  • name
  • nickname
  • picture
  • phone_number
  • wallet_address
  • public_key

This information comes packaged in an authorization header in order to validate and verify that the user can use the application in the environment selected.

Note: the wallet_address is a crypto value. For more on how we use blockchain, please read the blockchain section.


Here is an explainer on what a JWK is, from the abstract of RFC 7517:

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.

We use the JWK to encrypt the user information that we store and send as a JWT in the authorization header. The user information is decoded only at the moment it is submitted for validation.

As with the JWT, when validation occurs we do a quick decode to send the user packet to the auth header. For this step we use jwk-to-pem to convert the JWK to PEM format.

This takes the guesswork out of authentication at the environment level, allowing you to get into development quickly!
