Sessionless is an authentication protocol, which can also be referred to as the SessionLess Authentication Protocol (SLAP). It is meant to be a general-purpose, transport-agnostic, multi-language, multi-platform authentication protocol with no shared secret or personally identifying information shared between participants.
You will want to check out the language, and if necessary the platform, you're interested in in the repo for installation steps. In general, everything is available in the standard package manager of the given language (e.g. Maven for Java, and pip for Python).
There are four methods that each implementation has. In addition there are two optional methods, depending on how the platform stores sensitive data. For the most part these optional methods are only available on client-side platforms like mobile and consoles.
The methods are as follows (see API for more details):
Client
generateKeys
- generates a private/public key pair on the secp256k1 elliptic curve
sign
- creates a signature of a message string with a private key
Server
verifySignature
- verifies a signature with a public key
generateUUID
- generates a uuidv4 uuid
Optional
getKeys
- on platforms where secure storage is well-defined we've implemented getKeys within Sessionless rather than having it passed into generateKeys.
associate
- convenience method for verifying two signatures to associate a public key with another
A typical registration is for a client to generateKeys, and then use those keys to sign a message and send it to the server. The server can then verifySignature on the payload received from the client, and grant a uuid with generateUUID.
Like https (I use the comparison simply for familiarity, and not to say Sessionless is on the same tier), Sessionless is a protocol that you likely won't use directly. Instead it's meant to be the protocol layer of an authentication implementation. One example implementation can be found here. More will come, and if you make one feel free to open a PR to link it here.
There are links to more reading for devs and for UX folks, and some videos are coming soon.
With Sessionless, and any subsequent open source projects I start, I'm trying to make them accessible to all parts of the tech industry. Right now that means focusing on dev, UX, and product, but QA, analytics, customer success, etc. are all welcome. Trust me, there's plenty of work to go around.
To this end, I'm going to try my best to provide domain-specific documentation as an entry point. This is very much a WIP and, as far as I know, not something there's an established pattern for, so all feedback is welcome.
| Dev | UX | Product |
|---|---|---|
| README-DEV | README-UX | coming soon |