
Ability to add custom authentication function

Open trenta3 opened this issue 3 years ago • 4 comments

I would like to use a custom authentication function for users. My use case consists of having the user_ids be public keys, and I would like to authenticate them by challenging them to encrypt a short random string with their private key, and checking on the server that it can be decrypted via their ids (corresponding to the public key).

I did not find any mention of it being possible in the documentation, but I am confident it shouldn't be too hard to do. And thank you for all the effort into developing such a beautiful piece of code!

trenta3 avatar Apr 22 '22 21:04 trenta3

That sounds like a nice addition! I would not use the user id as public key though, I'd add a new user field public_key that allows one to change their keys later. Signing in would then require 2 new endpoints to start (challenge) and finish (check) the sign in. If you would like to implement this yourself, let me know!

appy-one avatar Apr 29 '22 14:04 appy-one

Glad you liked it. It seems good to me to add a field to user records, and maybe to give a default implementation, but otherwise I feel that it is necessary to leave the ability to customize such functions to the developer due to the wide variety of key types (factorisation, elliptic curves or lattice-based) and the various kinds of checks that can be performed (Diffie-Hellman, message signing, etc).

I am still getting familiar with the codebase and I don't have a clear idea of where I would implement those functions.

On Fri 29 Apr 2022, 16:38 Ewout Stortenbeker @.***> wrote:

That sounds like a nice addition! I would not use the user id as public key though, I'd add a new user field public_key that allows one to change their keys later. Signing in would then require 2 new endpoints to start (challenge) and finish (check) the sign in. If you would like to implement this yourself, let me know!

trenta3 avatar Apr 29 '22 19:04 trenta3

If you can point me to relevant files and just give a couple of instructions about code style I will give it a try.

trenta3 avatar Apr 29 '22 19:04 trenta3

I think the easiest way to go about this is if you can provide code that:

  • Generates a challenge for the client, preferably in TypeScript. Eg: a function createChallenge that returns (a promise of) a ChallengeRequest object, which contains all necessary details for the client such as the random string to sign/encrypt, method to use etc.
  • Signs a challenge client-side with their private key in a function that returns (a promise of) a ChallengeResponse object that can be sent back to the server
  • Checks a challenge response server-side with a function that accepts a public key, ChallengeRequest and ChallengeResponse, and returns (a promise of) a boolean indicating if the check passed.

I will then handle the implementation of those into server routes and client requests.

What do you think?

appy-one avatar May 06 '22 10:05 appy-one
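An added example of the three functions described in the comment above, written for this page and not taken from the thread or from acebase-server's own code. It assumes Ed25519 keys stored as PEM in a public_key user field (as suggested earlier in the thread), assumes the type names ChallengeRequest and ChallengeResponse and the function names createChallenge, signChallenge and checkChallenge from the comment, and uses Node's built-in crypto module. Because Node's sign/verify are synchronous the functions return values directly; wrapping them in Promise.resolve() gives the promise-returning shape asked for. Beyond the basic flow it shows the checks a server-side implementation needs: the nonce is single-use, bound to the user id, expires, and the signed message is domain-separated from anything else the same key might sign.

```typescript
import { generateKeyPairSync, randomBytes, sign, verify } from 'crypto';

// Type names follow the shapes described in the comment; the field layout is an assumption.
export interface ChallengeRequest {
  uid: string;        // user record being signed in
  nonce: string;      // 32 random bytes, base64; single use
  method: 'ed25519';  // scheme the client must sign with
  issuedAt: number;   // ms since epoch, for server-side expiry
}

export interface ChallengeResponse {
  uid: string;
  nonce: string;
  signature: string;  // base64 Ed25519 signature over challengeBytes(uid, nonce)
}

export const CHALLENGE_TTL_MS = 60_000;

// Outstanding challenges keyed by nonce. A real server would keep these in its
// database; a Map is enough to demonstrate the single-use check.
const pending = new Map<string, ChallengeRequest>();

// Domain-separate the signed message so a login signature cannot double as a
// signature over some other payload the application may ask the same key to sign.
function challengeBytes(uid: string, nonce: string): Buffer {
  return Buffer.from(`acebase-server:login:v1\0${uid}\0${nonce}`, 'utf8');
}

// Server side: start a sign-in. `now` is a parameter only so the demo can issue a stale challenge.
export function createChallenge(uid: string, now = Date.now()): ChallengeRequest {
  const req: ChallengeRequest = {
    uid,
    nonce: randomBytes(32).toString('base64'),
    method: 'ed25519',
    issuedAt: now,
  };
  pending.set(req.nonce, req);
  return req;
}

// Client side: prove possession of the private key matching the user's public_key field.
export function signChallenge(req: ChallengeRequest, privateKeyPem: string): ChallengeResponse {
  // Ed25519 hashes internally, so the digest algorithm argument is null.
  const signature = sign(null, challengeBytes(req.uid, req.nonce), privateKeyPem);
  return { uid: req.uid, nonce: req.nonce, signature: signature.toString('base64') };
}

// Server side: finish the sign-in. The nonce is consumed whether or not the check passes.
export function checkChallenge(
  publicKeyPem: string,
  req: ChallengeRequest,
  res: ChallengeResponse,
  now = Date.now(),
): boolean {
  const issued = pending.get(res.nonce);
  pending.delete(res.nonce);                                   // single use
  if (!issued || issued.uid !== req.uid || issued.nonce !== req.nonce) return false;
  if (res.uid !== req.uid) return false;                       // response claims another user
  if (now - req.issuedAt > CHALLENGE_TTL_MS) return false;     // stale challenge
  try {
    return verify(null, challengeBytes(req.uid, req.nonce), publicKeyPem, Buffer.from(res.signature, 'base64'));
  } catch {
    return false;                                              // malformed key or signature
  }
}

// The key pair a client would generate and register as its public_key (demo helper).
export function generateUserKeyPair(): { publicKey: string; privateKey: string } {
  return generateKeyPairSync('ed25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Walks through the honest flow and the failure modes the server must reject.
export function demo(): { honest: boolean; replay: boolean; wrongKey: boolean; expired: boolean; crossUser: boolean } {
  const alice = generateUserKeyPair();
  const mallory = generateUserKeyPair();

  const req1 = createChallenge('alice');
  const res1 = signChallenge(req1, alice.privateKey);
  const honest = checkChallenge(alice.publicKey, req1, res1);
  const replay = checkChallenge(alice.publicKey, req1, res1);   // nonce already consumed

  const req2 = createChallenge('alice');
  const wrongKey = checkChallenge(alice.publicKey, req2, signChallenge(req2, mallory.privateKey));

  const req3 = createChallenge('alice', Date.now() - CHALLENGE_TTL_MS - 1);
  const expired = checkChallenge(alice.publicKey, req3, signChallenge(req3, alice.privateKey));

  const req4 = createChallenge('alice');
  const res4 = { ...signChallenge(req4, alice.privateKey), uid: 'bob' };  // valid signature, wrong user
  const crossUser = checkChallenge(alice.publicKey, req4, res4);

  return { honest, replay, wrongKey, expired, crossUser };
}
```

Two points worth keeping when this is wired into real routes: the check must consume the nonce on the first attempt (pass or fail) so a captured response cannot be replayed, and the client should sign rather than "encrypt with the private key"; the latter only has a meaning for RSA, while signatures are defined for every key type mentioned in the thread and map directly onto the public_key field.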