HiveAuth
Search…
HiveAuth
Introduction
Support
Developer documentation
Protocol description
HAS for Applications
HAS for Wallets (PKSA)
Connection
Authentication
Authentication payload
Server encryption key Retrieval
Account registration
Authentications request
Feedback to user
Authentication approval
Authentication refusal
Errors
Transactions
Challenge
Tutorials
App code example
PKSA code example
Resources
Applications
Materials
Powered By GitBook
Authentications request
After reading the auth_req_payload and registering an account with the HAS, the PKSA will start to receive registered account authentication request with the message:

auth_req

1
{
2
cmd: "auth_req",
3
account: string,
4
data: string,
5
uuid: string,
6
expire: number
7
}
Copied!
Properties
  • account: the Hive account name that an application wants to authenticate
  • data: the Base64 representation of an encrypted auth_req_data object
  • uuid: the request identifier
  • expire: UNIX time when the request will expire
The structure of the auth_req_data is:

auth_req_data

1
{
2
app: {
3
name: string,
4
description: string = undefined,
5
icon: string = undefined
6
},
7
token: string = undefined
8
challenge : object = undefined
9
}
Copied!
Properties
  • app: an object describing the application
    • name: short name of the app (ex: "peakd")
    • description: (optional) description of the app (ex: "Peakd for Hive")
    • icon: (optional) URL to retrieve the application icon (ex: "https://peakd.com/logo.png")
  • token: (optional) a valid session token previously received from the PKSA
  • challenge: (optional) a challenge_data object that the app can pass to the PKSA for signing (see Challenge request).
The PKSA must decrypt the auth_req_data object using the encryption key previously shared with the PKSA (auth_key). By encrypting the auth_req_data object, the HAS will be unaware of what's going on between the app and the PKSA and unable to tamper with the authentication request process.
The PKSA should verify that the uuid found in the auth_req message matches the one from the auth_req_payload and ignore any message with a mismatching uuid
A PKSA which doesn't manage an account:
  • will not be able to register that account to the HAS and therefore will not receive the related auth_req requests
  • should ignore and not reply to an auth_req request it can't process with an 'auth_err' (edge case where it registered the account but removed it from its managed accounts before getting the auth_req message)
Previous
Account registration
Next
Feedback to user
Last modified 2mo ago
Copy link
Contents
auth_req
auth_req_data