FIPA7V1_LogInWithSignature(en-US)



  • FIPA7: LogInWithSignature
    Version: 1
    Language: en-US
    Author: master_wang, C_armX, Deisler-JJ_Sboy
    Status: draft
    Created date: 2021-05-30
    Last modified date: 2021-10-15
    File hash: unknown
    Txid: Unpublished
    

    Contents

    Introduction

    General rules of FIPA protocols

    Rules specific to this protocol

    Login process

    Data Format

    Return data

    Login process

    Introduction

    
    Protocol type: FIPA
    Serial number: 7
    Protocol name: LogInWithSignature
    Version: 1
    Description: Log in to applications with signatures in different scenarios.
    Author: C_armX, master_wang, Deisler-JJ_Sboy
    Language: zh-CN
    Tags: FIPA, Signature, Log in
    PreVersion hash:
    
    

    General rules of FIPA protocols

    FIPA protocols make improvements to the FCH ecosystem. These improvements will not lead to a hard fork of the main network, and will not write information on the blockchain.

    Rules specific to this protocol

    1. This protocol specifies how to use FCH signatures to log in to APPs.

    2. The APP uses an FCH address as the account or binds it to an account. The user signs the requested information with the private key of the address and provides the signature to the APP. If the APP verifies the signature successfully, the user is allowed to log in with the corresponding account.

    3. The information that the APP and the user need to confirm includes:

      1. the identifiers of the APP to be logged in to;
      2. the IP from which the user requests login;
      3. the login time stamp;
      4. the FCH address of the user.

      This information ensures that 1) the APP knows who is making a login request from what IP, and 2) the user knows which APP he is logging in to and what IP he is using.

    4. The user signs the APP ID, IP and time stamp with the private key of the FCH address. The APP verifies:

      1. Is the APP ID its own?
      2. Is a valid account bound to the FCH address?
      3. Is the IP consistent with the requesting IP?
      4. Is the time stamp recent? (The effective time length is set by the APP.)
      5. Is the signature correct?

      If these verifications pass, the user is allowed to log in with the IP. APPs set the valid time or other conditions for login by themselves.

    5. The APP ID can be an AID registered on the FCH chain in accordance with FEIP15, or it can be another identifier known to both the APP and the user, such as the APP name or url.

    6. Use compressed JSON when signing.

    Login Data Format

    | field number | field name | type | length | content | required |
    |---|---|---|---|---|---|
    | 1 | type | String | 4 | Fixed: "FIPA"; case insensitive | Y |
    | 2 | sn | int | 1 | Serial number; fixed: 8 | Y |
    | 3 | ver | int | 1 | Fixed: 1 | Y |
    | 4 | name | String | 9 | Fixed: "LoginWithSignature"; case insensitive | N |
    | 5 | hash | hex | 32 | Sha256 value of this protocol file | N |
    | 6 | message.userIP | string | 15 | IP requesting login | Y |
    | 7 | message.appID | string | 32 | The AID or other identifiers of the APP to log in to | Y |
    | 8 | message.timeStamp | time stamp | 10 | The time of signing | Y |
    | 9 | address | string | 34 | The address logging in | Y |
    | 10 | signature | string | 93 | Signature of "message" signed by the private key of "address" | Y |

    JSON example

    {
        "type": "FIPA",
        "sn": 7,
        "ver": 1,
        "name": "LogInWithSignature",
        "hash": "",
        "message":{
            "userIP": "119.102.1.122",
            "appID": "1cf960e0cf914bf7d19565d304a61a1123600e49eeb12f2fb7988c83cba18bb0",
            "timeStamp": 1435113975
            },
        "address": "FEk41Kqjar45fLDriztUDTUkdki7mmcjWK",
        "signature": "H22+ezXvZZRAbD/4SaXjV6iesQc7SprUAVM7huoG5QE1EAU6Ul8HZZvWrBgHemHCl2dGJKU7sSTWmknl7zmhwF8\u003d"
    }
    

    The message to be signed is:

    {"userIP":"119.102.1.122","appID":"1cf960e0cf914bf7d19565d304a61a1123600e49eeb12f2fb7988c83cba18bb0","timeStamp":1435113975}
    

    Return data

    Data format

    | name | type |
    |---|---|
    | errorCode | int |
    | errorMessage | string |

    Data detail

    | errorCode | errorMessage |
    |---|---|
    | 0 | Success. |
    | 100 | User refused to sign. |
    | 101 | The appID is wrong. |
    | 102 | The signer was denied access. |
    | 103 | The logging in IP is not authorized in the signature. |
    | 104 | Signature timed out. |
    | 105 | The signature failed verification. |
    | 200 | The private key was not found. |
    | 300 | No response received. |

    JSON example

    {
        "errorCode":200, 
        "errorMessage":"Request for signature timed out." 
    }
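
An added example, not part of the protocol text or of any FCH project's code: the APP-side checks from rule 4, mapped to the errorCode values in the table above. The `verify_sig` callback, the `accounts` set, the `max_age` default and reporting malformed input as 105 are assumptions; the key order follows the signed-message example on this page.

```python
import json
import time

# errorCode values from this protocol's "Return data" table.
OK, BAD_APP, DENIED, BAD_IP, EXPIRED, BAD_SIG = 0, 101, 102, 103, 104, 105


def compact_message(message):
    """Rebuild the exact string that was signed: compressed JSON (no
    whitespace) with keys in the order used by the page's example."""
    ordered = {k: message[k] for k in ("userIP", "appID", "timeStamp")}
    return json.dumps(ordered, separators=(",", ":"))


def verify_login(req, *, app_id, request_ip, accounts, verify_sig,
                 max_age=300, now=None):
    """Apply the APP-side checks in the order the rules list them and
    return an errorCode. verify_sig(address, text, signature) -> bool is a
    caller-supplied FCH signature verifier (hypothetical interface)."""
    now = time.time() if now is None else now
    try:
        msg = req["message"]
        text = compact_message(msg)
        addr, sig, ts = req["address"], req["signature"], msg["timeStamp"]
        if not all(isinstance(v, str)
                   for v in (addr, sig, msg["userIP"], msg["appID"])):
            raise TypeError("string field expected")
        if isinstance(ts, bool) or not isinstance(ts, int):
            raise TypeError("integer timeStamp expected")
    except (KeyError, TypeError):
        return BAD_SIG  # assumption: malformed input is reported as 105
    if msg["appID"] != app_id:            # 1. is the APP ID our own?
        return BAD_APP
    if addr not in accounts:              # 2. is an account bound to it?
        return DENIED
    if msg["userIP"] != request_ip:       # 3. signed IP == connecting IP?
        return BAD_IP
    if not 0 <= now - ts <= max_age:      # 4. recent, and not in the future
        return EXPIRED
    if not verify_sig(addr, text, sig):   # 5. signature over the exact text
        return BAD_SIG
    return OK
```

Because the APP receives `message` as a JSON object, not as the signed string, both sides must produce byte-identical compressed JSON; any difference in key order or whitespace makes a valid signature fail with 105.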
    

    Login process

    There are three scenarios and processes for signing in with a signature:

    1. Log in to APPs from the entry in a signing tool

    The signing tool is an application that stores the user's private key and can provide signatures.

    The signing tool has the appID of APPs. When the user requests to log in to an APP, the tool can provide the signature and send it to the APP to log in.

    The process is:

    [Figure: process diagram for logging in from the signing tool; image not included]

    The data sent by the signing tool to the APP is:

    {
        "type": "FIPA",
        "sn": 7,
        "ver": 1,
        "name": "LogInWithSignature",
        "hash": "",
        "message":{
            "userIP": "[The IP used by the user to log in to the app]",
            "appID": "[The AID, APP's name, or APP's url]",
            "timeStamp": [Current time stamp]
            },
        "address": "[FCH Address of the user]",
        "signature": "[Signature of the compressed message value]"
    }
    
    

    2. Log in by scanning QR

    When the APP and the signing tool are on different devices, the APP shows the login QR code to the user, and the user scans the QR to log in with the signing tool.

    The process is:

    [Figure: process diagram for logging in by scanning a QR code; image not included]

    The data in the QR is:

    {
        "getUrl":"[The url for the signing tool to get information of the APP]",
        "putUrl":"[The url for the signing tool to put the signature to the APP]"
    }
    
    

    The data the APP sends to the signing tool is:

    {
        "type": "FIPA",
        "sn": 7,
        "ver": 1,
        "name": "LogInWithSignature",
        "hash": "",
        "message":{
            "appID": "[The AID, APP's name, or APP's url]"
            }
    }
    
    

    The data the signing tool sends to the APP is:

    {
        "type": "FIPA",
        "sn": 7,
        "ver": 1,
        "name": "LogInWithSignature",
        "hash": "",
        "message":{
            "userIP": "[The IP used by the user to log in to the app]",
            "appID": "[The AID, APP's name, or APP's url]",
            "timeStamp": [Current time stamp]
            },
        "address": "[FCH Address of the user]",
        "signature": "[Signature of the compressed message value]"
    }
    
    

    3. Log in by waking up the signing tool

    When the APP and the signing tool are on the same device, the user can wake up the signing tool from the APP to sign for login.

    The process is:

    [Figure: process diagram for logging in by waking up the signing tool; image not included]

    The data the APP sends to the signing tool is:

    {
        "type": "FIPA",
        "sn": 7,
        "ver": 1,
        "name": "LogInWithSignature",
        "hash": "",
        "message":{
            "appID": "[The AID, APP's name, or APP's url]"
            }
    }
    
    

    The data the signing tool sends to the APP is:

    {
        "type": "FIPA",
        "sn": 7,
        "ver": 1,
        "name": "LogInWithSignature",
        "hash": "",
        "message":{
            "userIP": "[The IP used by the user to log in to the app]",
            "appID": "[The AID, APP's name, or APP's url]",
            "timeStamp": [Current time stamp]
            },
        "address": "[FCH Address of the user]",
        "signature": "[Signature of the compressed message value]"
    }
    
    
