Ibón

Descongelando datos

Making Ethereum Dapps authentication more user friendly

15 October 2018 / 16 October 2018, by Victor Cutilla

In this article, we explain a module we have built that, we think, makes the authentication process of a website that uses blockchain technology in one way or another easier and more transparent for end users.

The eruption of blockchain and the decentralized internet stresses the importance of security. To make Dapps more secure, Dapp designers use technology that reinforces the authentication process by adding more user confirmation steps (e.g. Metamask). The problem with this approach is that it makes the authentication process very complex for ordinary users and less transparent.

The technical requirements for making this work are:

  1. Python 3.6 (libraries listed in requirements.txt)
  2. Web3.js 1.0.0
  3. Browserify ethereumjs_util (see this)
  4. Browserify eth-sig-util (see this)

The code is available here

The module manages the following processes:

SIGNUP PROCESS

1. The user enters a password and, in the background, the application creates an Ethereum account, encrypts this account to generate a keystore, and puts this keystore in localforage (an improved version of the normal JS localStorage).

2. The Ethereum account is then used as the login user name and sent to the backend authentication database. The important thing here is that the password doesn't need to be sent over the network to the backend, which makes this process more secure.

3. The account is then entered into the backend authentication database and a JSON web token is sent back to the frontend so the session can be kept open with no need to log in again (the default expiration time of this token is 15 min but it can, of course, be changed).

4. The token is saved to localforage.


SIGNIN PROCESS


1. On page load, the JavaScript first checks whether there is a token in localforage.

2. The endpoint "/gettoken" is a Python Flask function that has the decorator "@jwt_required". This means that if the token is not valid, the request cannot even enter the function. If the token is valid, it enters the function, and a message and the account are sent back to the frontend to confirm that the token is valid.

3. So, if the token is valid, the user does not need to sign in and is logged in automatically.

4. If the token is not valid, the application:

a) Checks whether there is a keystore kept locally in localforage. If there is, it decrypts it, takes the account and the private key, signs a text with the private key, and sends the account and the signed text (signature) to the backend so it can be authenticated. (Again, it is important to notice here that no password is sent to the backend, which makes the application more secure.)

b) In the backend, it needs to make sure the signature belongs to that account.

c) If there is no keystore in localforage, the user will need to import a local wallet, and the above process will be followed through.


LOGOUT PROCESS

The token is entered into a revoked-token table so it cannot be used anymore.
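
The token lifecycle described in signup step 3, signin step 2 and the logout process, as an added example that is not the module's own code: a standard-library stand-in for what the Flask JWT decorator and the revoked-token table enforce. The names `issue_token`, `check_token`, `logout` and `revoked_jti` are assumptions made for this sketch, and the signing key is generated on the fly for the demo.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # demo key; a real deployment loads it from config
TOKEN_TTL = 15 * 60                # the 15-minute default mentioned in the article
revoked_jti = {}                   # stand-in for the revoked-token table: jti -> exp

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(account: str, now: float = None) -> str:
    """Signup step 3 / successful signin: the identity is the Ethereum account."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": account, "iat": int(now), "exp": int(now) + TOKEN_TTL,
              "jti": secrets.token_hex(16)}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def check_token(token: str, now: float = None):
    """What the protected endpoint enforces; returns the account or None."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + body)):
            return None                      # forged or altered token
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None                      # only the expected algorithm is accepted
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None                          # malformed token
    if claims["exp"] <= now or claims["jti"] in revoked_jti:
        return None                          # expired, or logged out earlier
    return claims["sub"]

def logout(token: str, now: float = None) -> None:
    """Logout: record the token's jti so it is rejected for the rest of its lifetime."""
    now = time.time() if now is None else now
    if check_token(token, now) is not None:
        claims = json.loads(_unb64(token.split(".")[1]))
        revoked_jti[claims["jti"]] = claims["exp"]
    for jti in [j for j, exp in revoked_jti.items() if exp <= now]:
        del revoked_jti[jti]      # expired entries no longer need to be stored
```

Because every token carries its own expiry, the revoked-token table only has to remember an entry until that expiry passes, which keeps it small.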
