StellarAuth
Authenticate using your Stellar account
To vote visit https://galactictalk.org/d/1977-stellarauth-authenticate-using-your-stellar-account and give the Original Post a like!
Summary:
Authentication, identity and security are all hard to get right, but Stellar has all of these built in at the core level, so why not take advantage of these features and put them to use for something other than just value transfer? Authentication at its core is simply a process for granting appropriate permissions for specific actions. Stellar transaction submissions are uniquely qualified to provide this service via the signatures concept. Access can be tuned almost without limit simply by using signers as the building block. If a transaction is successfully signed and makes it to the ledger, you can rest assured that any dependent action is now safe to execute.
Take application login for instance. If a Stellar account is tied to a user object, you can block access to the user object until the associated Stellar account successfully submits an authentication transaction. Tie that account to StellarGuard and you've got a fully secured multi-signer 2FA authentication flow essentially for free.
This is the mission of StellarAuth, a tremendously secure, yet fully flexible permissions service.
Links:
- Demo: https://demo.stellarauth.com
- Docs: https://github.com/TinyAnvil/stellarauth-serverless/blob/master/README.md
- Code:
  - https://github.com/TinyAnvil/stellarauth-serverless
  - https://github.com/TinyAnvil/stellarauth-nuxt
  - https://github.com/TinyAnvil/stellarauth-postgresql
How it works:
1. Make a request to access something secure via a public Stellar account
2. Receive back a partially signed transaction XDR
3. Sign and submit that transaction via your favorite wallet
4. Verify the transaction hash and pass the success or failure to load or block whatever you're securing
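The verification in step 4, written out as an added example (this is not StellarAuth's own code): the service records the hash of every challenge it hands out in step 2, then accepts a submitted transaction only if the ledger applied it, the service account paid the fee, the validity window was short, the challenge has not been used before, and no operation could move value. The Horizon-style record shape, the account ids and the timestamps are constructed for the example; a real service would fetch the record from Horizon by hash and decode the envelope with stellar-sdk.

```javascript
// Added example, not StellarAuth's code. Account ids and record shape are constructed;
// Horizon serves a transaction's operations from its operations link, inlined here.
const SERVICE_ACCOUNT = 'GSERVICE_PLACEHOLDER';       // hypothetical service signing key
const MAX_WINDOW_SECONDS = 300;                       // how long a challenge may stay valid
const ALLOWED_OPS = new Set(['manage_data']);         // operation types that move no value
const issued = new Map();                             // challenge hash -> requesting account
const consumed = new Set();                           // hashes already used to log in

// Step 2: remember the hash of the partially signed challenge we handed out.
function issueChallenge(hash, account) { issued.set(hash, account); }

// Step 4: accept the transaction only if it satisfies every rule in the feature list.
function verifyAuthTransaction(tx, nowSeconds) {
  const fail = (reason) => ({ ok: false, reason });
  const account = issued.get(tx.hash);
  if (!account) return fail('unknown challenge hash');
  if (consumed.has(tx.hash)) return fail('challenge already used');
  if (!tx.successful) return fail('transaction was not applied by the ledger');
  // The service is the transaction source: it pays the fee and burns the sequence number.
  if (tx.source_account !== SERVICE_ACCOUNT) return fail('service must be transaction source');
  const after = Date.parse(tx.valid_after) / 1000;
  const before = Date.parse(tx.valid_before) / 1000;
  if (!(after < before)) return fail('missing or inverted time bounds');
  if (before - after > MAX_WINDOW_SECONDS) return fail('validity window too long');
  if (nowSeconds > before) return fail('challenge expired');
  if (!tx.operations.length) return fail('no operations');
  for (const op of tx.operations) {
    if (!ALLOWED_OPS.has(op.type)) return fail(`operation ${op.type} could move value`);
    if (op.source_account !== account && op.source_account !== SERVICE_ACCOUNT)
      return fail('operation sourced by a third account');
  }
  // An operation sourced by the user is what makes the user's signature mandatory.
  if (!tx.operations.some((op) => op.source_account === account))
    return fail('no operation bound to the requesting account');
  consumed.add(tx.hash);
  return { ok: true, account };
}

// Constructed sample record; pass overrides to build the failing variants.
function sampleTx(overrides = {}) {
  return Object.assign({
    hash: 'abc123',
    successful: true,
    source_account: SERVICE_ACCOUNT,
    valid_after: '2024-01-01T00:00:00Z',
    valid_before: '2024-01-01T00:05:00Z',
    operations: [{ type: 'manage_data', source_account: 'GUSER_PLACEHOLDER' }],
  }, overrides);
}
```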
Features:
- Auth requests must be signed only by the requesting account
- Entire transactions are secured, not just individual operations
- Transactions must be sent to and verified by the ledger, not just signature-checked
- Requests must be timed and valid only for a short period
  - Just because a transaction is valid today doesn't mean it should be valid 2 years from now
- Requests should not drain the account of any balance, not even the transaction fee
  - Transaction fees are covered by the StellarAuth service
- Universal support for third-party wallets and signing apps (like StellarGuard or Ledger)
- Should be able to plug in and use StellarAuth with existing systems
Future features:
- Ability to create and manage accounts (think Auth0 meets Authy/Google Authenticator)
  - https://medium.com/lumenauts/dealing-with-crypto-on-the-client-side-2a79209eb8b5
- Build a widget you could install on your own site (also like Auth0)
- Support for Trezor