Added QR code auth logic on web. Basically web counterpart of parent diffs in this stack.
Depends on D11330
Details
Details
Diff Detail
Diff Detail
- Repository
- rCOMM Comm
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
| web/account/qr-code-login.react.js | ||
|---|---|---|
| 67 ↗ | (On Diff #38130) | In the SIWE spec, the client always includes a timestamp with the nonce. The server then verifies the recency of the timestamp. Our spec in the whitepaper doesn't seem to mention this sort of thing. I'm not sure it's necessary, given that the identity service already verifies the recency of the nonce. Guessing it would be too much work to change at this point, but figured I'd mention this to see what you think. |
| web/account/qr-code-login.react.js | ||
|---|---|---|
| 67 ↗ | (On Diff #38130) | We've already discussed it. The timestamp is created along with the nonce and is stored server-side. When received a nonce, Identity Service verifies the recency of its timestamp. There's no need to pass it back and forth to the client. Our wallet login nonces work the same. |
| web/account/qr-code-login.react.js | ||
|---|---|---|
| 59–73 ↗ | (On Diff #38130) | this some code that could be unified with native, added to olmAPI - should make things more readable and reduce duplication As discussed in the office, this looks fine for now and @michal will add sign() method to olmAPI and refactor this code in hist stack with moving olm to worker |