BitShares Forum

Main => General Discussion => Topic started by: xeroc on April 12, 2019, 09:01:56 am

Title: BitShares Europe to become OAUTH provider for the BitShares Blockchain (#devs)
Post by: xeroc on April 12, 2019, 09:01:56 am

It is our pleasure to announce a major upgrade to BitShares Europe - the service platform
for the BitShares Blockchain and reference faucet operator.

* Single Signon with Beet
* Developer Integration

Read more:
https://steemit.com/bitshares/@chainsquad/bitshares-europe-to-become-oauth-provider-for-the-bitshares-blockchain-devs

Title: Re: BitShares Europe to become OAUTH provider for the BitShares Blockchain (#devs)
Post by: roelandp on April 28, 2019, 09:16:23 am

thats pretty epic.

Can you elaborate on how one's private keys will be encrypted (but useable) on Bitshares EU server? Or would explaining this be a potential security vulnerability?

Afaik BTS EU server would act as a middle man, validating and exchanging oauth tokens for executing signed operations using private keys right? In this case the presented 'granular' auth-keys proposal by @schiessl (?) (on Bitfest 2018) would be great.

Title: Re: BitShares Europe to become OAUTH provider for the BitShares Blockchain (#devs)
Post by: xeroc on April 28, 2019, 11:24:58 am

@roelandp: The private keys don't leave beet. For authentication on bitshares.eu using BEET, a message (random token) is signed. The signed message is returned and evaluated at the server. If the signature matches the user that tries to sign in, the server grants access to the account.
Oauth2 works on top of that login process.

Again, the key never leaves the BEET app and bitshares.eu never sees your keys.