HiveAuth
HomeGitHub
  • Introduction
    • Authentication
    • Signing and Broadcasting Transactions
    • Why use Hive Authentication Services?
  • Support
  • Developer documentation
    • Protocol description
      • Authentication
      • Transactions
      • Challenge
    • HAS for Applications
      • Connection
      • Encryption key (auth_key)
      • Authentication
        • Authentication request
        • Authentication payload
        • Authentication approval
        • Authentication refusal
        • Errors
        • Expiration
      • Transactions
        • Transaction request
        • Feedback to user
        • Transaction approval
        • Transaction refusal
        • Errors
        • Expiration
      • Challenge
        • Challenge request
        • Feedback to user
        • Challenge approval
        • Challenge refusal
        • Errors
        • Expiration
      • Attach
  • HAS for Wallets (PKSA)
    • Connection
    • Server Encryption Key retrieval
    • Proof of Key
    • Account registration
    • Authentication
      • Authentication payload
      • Authentications request
      • Feedback to user
      • Authentication approval
      • Authentication refusal
      • Errors
    • Transactions
      • Transaction request
      • Feedback to user
      • Transaction approval
      • Transaction refusal
      • Errors
    • Challenge
      • Challenge request
      • Feedback to user
      • Challenge approval
      • Challenge refusal
      • Errors
  • Tutorials
    • App code example
      • HAS Wrapper library
      • HTML code example
      • .NET code example
    • PKSA code example
      • Service Mode
  • Resources
    • Materials
Powered by GitBook
On this page
  • auth_req_data
  • auth_req
  • auth_wait
  1. Developer documentation
  2. HAS for Applications
  3. Authentication

Authentication request

Before sending its request, the APP must create an "authentication request data" object (auth_req_data) it will send to the PKSA

auth_req_data

{
    app: {
        name: string
        description: string = undefined
        icon: string = undefined
    },
    challenge: object = undefined
    token: string = undefined // DEPRECATED - protocol < 1 only
}
  • app: an object describing the application

    • name: short name of the app (ex: "myapp")

    • description: (optional) description of the app (ex: "My Hive Application")

    • icon: (optional) URL to retrieve the application icon (ex: "https://myapp.com/logo.png")

  • challenge: (optional) a challenge_data object that the app can pass to the PKSA for signing (see Challenge request)

  • token: (optional) a valid session token previously received from the PKSA - Deprecated since protocol V1

Sending a challenge to the PKSA with an auth_req enables the APP to perform both an authentication and a challenge signing in one round trip.

Finally, the APP sends its authentication request (auth_req) to the HAS using the following message:

auth_req

{ 
    cmd: "auth_req"
    account: string
    data: string
}
  • account: the Hive account name that the application wants to authenticate

  • data: the Base64 representation of an encrypted auth_req_data object

Providing an existing token with the auth_req simplifies the authentication process. Indeed, if a PKSA stores the token and confirms its validity, it is no longer required to scan a QR code because the PKSA already has the associated auth_key.

The auth_key must be encrypted with the encryption secret (auth_req_secret) it shares with the PKSA service.

example:

{ cmd: "auth_req", account: "username", data: {{encrypted_data_base64}}, auth_key: CryptoJS.Encrypt(auth_key, auth_req_secret) }

The HAS will reply with an auth_wait message

auth_wait

{
    cmd: "auth_wait"
    uuid: string
    expire: number
    account: string
}
  • uuid: a unique identifier given by the HAS to the request

  • expire: UNIX timestamp when the authentication request will expire

  • account: account doing the authentication request

PreviousAuthenticationNextAuthentication payload

Last updated 1 year ago

The APP must then encrypt the auth_req_data object using the auth_key (see )

When using a PKSA running in , the APP must add the auth_key property to the auh_req it sends to the HAS server.

Encryption Key
Service Mode