aljaz/pubky-core
1
0
Fork 0
mirror of https://github.com/aljazceru/pubky-core.git synced 2026-01-31 11:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

docs: Fix formatting in auth.md

Browse Source
This commit is contained in:
Nuh
2024-11-16 11:26:12 +03:00
committed by GitHub
parent 0d8030f7f9
commit 7a0ed55c64
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docs/src/spec/auth.md
View File

@@ -62,17 +62,18 @@ pubkyauth:///
&secret=mAa8kGmlrynGzQLteDVW6-WeUGnfvHTpEmbNerbWfPI
```
and finally show that URL as a QR code to the user.
4. The `Authenticator` app scans that QR code, parse the URL, and show a consent form for the user..
5. The user decides whether or not to grant these capabilities to the `3rd Party App`.
6. If the user approves, the `Authenticator` then uses their Keypair, to sign an [AuthToken](#authtoken), then encrypt that token with the `client_secret`, then calculate the `channel_id` by hashing that secret, and send that encrypted token to the callback url, which is the `relay` + `channel_id`.
7. `HTTP Relay` forwards the encrypted AuthToken to the `3rd Party App` frontend.
8. And confirms the delivery with the `Authenticator`
9. `3rd Party App` decrypts the AuthToken using its `client_secret`, read the `pubky` in it, and send it to their `homeserver` to obtain a session.
10. `Homeserver` verifies the session and stores the corresponding `capabilities`.
11. `Homeserver` returns a session Id to the frontend to use in subsequent requests.
12. `3rd Party App` uses the session Id to access some resource at the Homeserver.
13. `Homeserver` checks the session capabilities to see if it is allowed to access that resource.
14. `Homeserver` responds to the `3rd Party App` with the resource.
7. If the user approves, the `Authenticator` then uses their Keypair, to sign an [AuthToken](#authtoken), then encrypt that token with the `client_secret`, then calculate the `channel_id` by hashing that secret, and send that encrypted token to the callback url, which is the `relay` + `channel_id`.
8. `HTTP Relay` forwards the encrypted AuthToken to the `3rd Party App` frontend.
9. And confirms the delivery with the `Authenticator`
10. `3rd Party App` decrypts the AuthToken using its `client_secret`, read the `pubky` in it, and send it to their `homeserver` to obtain a session.
11. `Homeserver` verifies the session and stores the corresponding `capabilities`.
12. `Homeserver` returns a session Id to the frontend to use in subsequent requests.
13. `3rd Party App` uses the session Id to access some resource at the Homeserver.
14. `Homeserver` checks the session capabilities to see if it is allowed to access that resource.
15. `Homeserver` responds to the `3rd Party App` with the resource.
## AuthToken encoding
```abnf