Logging in with Ethereum: an alternative to centralized identity providers

Decentralized financial community, 2021-11-23 18:55:34

When logging in to a “web2” service, we usually need to provide a username or email address and a password. The service then looks up our username or email address in its internal database and checks whether the corresponding password matches the one we provided. It then generates a random key for further authentication, usually stored in a cookie.

A new specification, EIP-4361: Sign-In with Ethereum, hopes to change the way we log in to web2 services by using methods common to web3 services (such as wallets and dapps).

How does it work?

EIP-4361 describes a way to authenticate to web2 services using the existing method of signed messages. Users authenticate with their own private key (and the corresponding address) instead of a username and password combination. For example, you can sign a message like this with your private key:

Example.com wants you to sign in with your Ethereum account:
0x4bbeEB066eD09B7AEd07bF39EEe0460DFa261520

URI: https://example.com/login
Version: 1
Chain ID: 1
Nonce: 12345
Issued At: 2021-11-01T12:25:24Z

Figure: Signing an authentication message in MyCrypto.

EIP-4361 uses Augmented Backus-Naur Form (ABNF) to define a standardized format for these authentication messages, which the service being logged in to can verify. The format follows the EIP-191 standard, which is already widely supported by many wallets. Logging in requires no password: just sign the message with your private key and you're done. The server can validate the message and generate a key that is stored in a cookie.
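The server-side validation described above, sketched as an added example (not code from the article or from the EIP): it parses the sign-in message shown earlier, checks domain binding, a single-use nonce and timestamp freshness, and builds the EIP-191 bytes the wallet signs. The function names, the in-memory nonce set and the five-minute window are assumptions; recovering the signer address from the signature over these bytes is left to a secp256k1/Keccak-256 library.

```python
import re
from datetime import datetime, timedelta

# Names, the nonce set and the 5-minute window are assumptions of this example.
# Sign-in message from the article (a blank line follows the address).
MESSAGE = (
    "Example.com wants you to sign in with your Ethereum account:\n"
    "0x4bbeEB066eD09B7AEd07bF39EEe0460DFa261520\n"
    "\n"
    "URI: https://example.com/login\n"
    "Version: 1\n"
    "Chain ID: 1\n"
    "Nonce: 12345\n"
    "Issued At: 2021-11-01T12:25:24Z"
)
HEADER = re.compile(
    r"\A(?P<domain>\S+) wants you to sign in with your Ethereum account:\n"
    r"(?P<address>0x[0-9a-fA-F]{40})\n")
FIELD = re.compile(r"^(URI|Version|Chain ID|Nonce|Issued At): (.+)$", re.M)

def parse(message):
    """Extract header and 'Key: value' fields; reject a bad header or missing field."""
    head = HEADER.match(message)
    if head is None:
        raise ValueError("malformed header")
    fields = dict(FIELD.findall(message[head.end():]))
    if len(fields) != 5:
        raise ValueError("missing field")
    return {**head.groupdict(), **fields}

def eip191_bytes(message):
    """Bytes a wallet hashes and signs for an EIP-191 personal message."""
    body = message.encode()
    return b"\x19Ethereum Signed Message:\n" + str(len(body)).encode() + body

def check(message, domain, outstanding_nonces, now, max_age=timedelta(minutes=5)):
    """Checks the server runs before it recovers the signer from the signature."""
    m = parse(message)
    if m["domain"].lower() != domain:
        return "wrong domain"  # message was signed for another site
    if m["Nonce"] not in outstanding_nonces:
        return "unknown or reused nonce"
    issued = datetime.fromisoformat(m["Issued At"].replace("Z", "+00:00"))
    if not timedelta(0) <= now - issued <= max_age:
        return "stale or future timestamp"
    outstanding_nonces.discard(m["Nonce"])  # single use: a replay now fails
    return "ok"
```

The nonce has to be one the server issued for this login attempt; otherwise a captured message and signature could be replayed later to obtain a new session.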

Decentralizing data with ENS

EIP-4361 integrates neatly with the Ethereum Name Service (ENS). If an address has a primary ENS name (also known as a reverse record) set, the service can look up this primary ENS name and resolve data based on it. For example, you can store your preferred username, avatar, email address or any other information in your ENS name. ENS also lets users specify addresses on other networks, such as Bitcoin and Litecoin:

Figure: Some possible fields associated with an ENS name.

This way you control your own data, and web2 services do not have to store this information about their users. It may lead to a future in which logging in to applications with authenticated, signed EIP-191 messages becomes the standard, completely eliminating email/password combinations.

This model is essentially a decentralized, 100% uptime “Gravatar” for all user data. The data is not held by a private entity; instead, it is published to the Ethereum blockchain for applications to use. Users will have one identity across multiple applications, all authenticated through the user's signing wallet.

Copyright notice: this article was written by [Decentralized financial community]. Please include the original link when reposting. https://netfreeman.com/2021/11/20211108200432336g.html