About

About this library

This library works with Django and authenticates users through SSS-Extension. The server uses the SSS-Extension authentication function to perform a secure login.

About the authentication mechanism

The library performs authentication as follows. The DH key agreement is carried out with the encrypted messages used in the Symbol-SDK.

  1. The server sends a request to the user to create a token by sending the server's public key.
  2. The user uses the server's public key to create a cryptographic token through a DH key agreement.
  3. The server receives the encrypted token and decrypts it using the server's private key.
  4. Login is done by comparing the pre-registered Symbol address (login information list) with the decryption result.
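
The four steps above as a runnable sketch, added here for illustration and not taken from sssauth or the Symbol-SDK. It swaps in pure-Python X25519 and an HMAC-based stand-in cipher for Symbol's encrypted messages; the token payload (the user's address), `address_of`, and the function names are assumptions made for the example.

```python
import hashlib, hmac, secrets

P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (not constant time; illustration only)."""
    # Clamp the scalar; its low bit is cleared, so no swap is pending after the loop.
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _k(shared: bytes, label: bytes) -> bytes:
    return hmac.new(shared, label, hashlib.sha256).digest()

def seal(shared: bytes, msg: bytes) -> bytes:
    """Stand-in for Symbol's encrypted message: keystream XOR, then MAC."""
    nonce = secrets.token_bytes(16)
    ks = hashlib.shake_256(_k(shared, b"enc") + nonce).digest(len(msg))
    ct = bytes(m ^ s for m, s in zip(msg, ks))
    return nonce + ct + hmac.new(_k(shared, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(shared: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_k(shared, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        return None  # wrong key pair or tampered token
    ks = hashlib.shake_256(_k(shared, b"enc") + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, ks))

def address_of(pub: bytes) -> str:  # hypothetical; Symbol derives addresses differently
    return hashlib.sha256(pub).hexdigest()[:40]

def make_token(user_priv: bytes, server_pub: bytes) -> bytes:  # step 2, user side
    payload = address_of(x25519(user_priv, BASE)).encode()
    return seal(x25519(user_priv, server_pub), payload)

def login(server_priv, user_pub, token, registered) -> bool:  # steps 3-4, server side
    plain = unseal(x25519(server_priv, user_pub), token)
    addr = address_of(user_pub)
    return plain == addr.encode() and addr in registered
```

Decryption succeeds only when the token was sealed by the holder of the private key matching `user_pub`, so the address check in `login` is bound to that key pair and not to a value the client merely claims.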

Information stored on the server

The server stores the following as login information. It does not store user passwords.

  • Symbol address
  • Email (optional)

Save the following settings on the server for authentication. The private key should be used only to authenticate the server and not for any other purpose.

  • The server's Symbol private key
  • Network type used for authentication

About SSS resolution

Because sssauth requires permission to access SSS, you must grant that permission to the web page before using it. After opening the web page, right-click and select "Link to SSS".