Mobile App Authentication (no wallet)

⁠

Authentication Summary for CoffeecApp/WebView/HODA API/NAND API

Authentication Summary for CoffeecApp/WebView/HODA API/NAND API

Source

Target

Authentication Method

CoffeecApp user

CoffeecApp

PhoneNum/PWD

CoffeecApp

UI Elements

SignedCookies

CoffeecApp

WeCore API

SignedCookies

WeCore API

NAND API

JWT Token

There are no rows in this table

⁠

KEY POINTS

The Access Token, generated in CoffeeApp during final user login process, will be used as a trust mechanism. This token can be verified against the Introspection Endpoint and so a trusted block can be created between Mobile App and UI layer. Is it possible to use to call Balance Endpoint? Yes but N-AND prefers all the clients to perform authentication by itself (see JWT Token point)

The JWT Token is generated in the WeCore API layer and it’s used to authenticate against N-And API backend (endpoints in use: balance and introspection). TBD: The token should be one week, we need to cache this token (it’s one for all user) and refresh when it’s needed

The user DID can be obtained calling Introspection Endpoint. The DID is the bridge from user and his wallet

In the step “Generate Signed Cookies” 4 cookies are generated (and then returned to the client) 3 cookies are needed to authenticate next calls

The WebView is initialized with the signed cookies of the previous point, every call t

UI Resources (HTML/JS/CSS) and API From WeCore are protected by signed cookies.

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.