HiveAuth
Search…
Account registration
The PKSA can register one or more accounts and do it either by issuing one command with multiple accounts or by issuing one command per account.
The PKSA sends the following message to the HAS:

register_req

1
{
2
cmd: "register_req",
3
app: string,
4
accounts: [
5
{
6
name: string
7
key_type: string,
8
challenge: string
9
}
10
{{,...}}
11
]
12
}
Copied!
Properties
  • app: can contain any value identifying the PKSA
  • accounts an array that can contain one or more account objects
    • name: the Hive account name
    • key_type: the key type used to encrypt the challenge. It can be one of posting|active|memo
    • challenge: the current UNIX time encrypted using both the account private key and the HAS server public key
The challenge sent to the HAS for each account allows it to be sure that the PKSA has access to the private keys of the account it wants to register.
This prevents malicious actors from creating a PKSA, registering accounts for which they do not have private keys, and sniffing requests relayed by the HAS.
Each account challenge is built by encrypting the actual UNIX time with both the account's private key and the server's public key. The PKSA can use any account key that is available to it (posting, active or memo) to encrypt the challenge.
The HAS will then:
  • decode the challenge using its own private key
  • ensure the message has been encrypted by the account by matching the public key retrieved from the encrypted challenge with the account public key retrieved from the blockchain.
  • check that the provided UNIX time is within a 10 seconds boundary from its actual time. This check is performed to avoid malicious actors to reuse challenges they could have got their hands on.
The register_req command can be issued multiple times. If an account is already registered, the command will be ignored.
The HAS server will first check that ALL provided accounts exist on the Hive blockchain and return an error if any of them does not exist and cannot be registered.
For each successfully registered account, the HAS server will reply with the following message:

register_ack

1
{
2
cmd: "register_ack",
3
account: string
4
}
Copied!
Properties
  • account: the account that has been successfully registered
Timing
The account registration can be performed before or after the HIVE applications will issue related authentication or transaction requests.
a) If the PKSA registration occurred before the requests are issued, it will receive those requests immediately.
b) If no PKSA is registered when the HAS receives authentication or transaction requests, it will queue them, waiting for a PKSA to register. If no PKSA registers before they expire, requests are discarded.
In both cases, (a) and (b), the APP will be notified of the requests' pending or expired status.
Copy link