Veive
  • What is VEIVE?
  • Introduction
  • The problem
  • Protocol
    • Features
    • Typical flow
    • Used technologies
    • Identity creation and verification
    • Pre-authorization
  • Use-cases
    • Konio Wallet
  • Framework
    • Difference from ERC-7579 standard
    • Account
    • Module types
      • Validation modules
      • Execution modules
      • Sign modules
      • Hooks modules
    • Core modules
      • Mod validation signature
      • Mod allowance
      • Mod execution any
      • Mod sign WebauthN
      • Mod sign OpenID
      • Mod validation multisign
      • Mod sign Mnemonic
  • Strategies
    • Community involvement
    • Business
    • Protocol Adoption
  • Objectives and success metrics
  • Roadmap
  • Conclusion
Powered by GitBook
On this page
  • Overview
  • Purpose
  1. Framework
  2. Core modules

Mod sign OpenID

PreviousMod sign WebauthNNextMod validation multisign

Last updated 3 months ago

Register credential sequence

Signature validation sequence

Overview

ModSignOpenID is a module within the Veive protocol that introduces authentication and signing via OpenID Connect. OpenID Connect is an authentication standard based on OAuth 2.0 that allows users to authenticate using external identity providers. This module enables linking an OpenID account to a Veive address and validating signatures based on ID tokens issued by the provider.

Purpose

OpenID Connect is a widely adopted authentication protocol supported by major providers such as Google, Microsoft, and others. This means that with a single click, users from the Web2 ecosystem can seamlessly interact with blockchain-based applications without needing to create new credentials. By leveraging OpenID Connect, Veive significantly lowers the entry barrier to blockchain adoption, making it accessible to a broader audience while ensuring security and interoperability.

Key Components in WebAuthn

  • ID Token: A token signed by the OpenID provider containing user authentication information.

  • Public Key: The OpenID provider's public key used to verify the ID token signature.

  • User Claims: Information about the user returned by the OpenID provider.

How ModSignWebauthn Works

  1. Registration:

    • Users register by authenticating via an OpenID provider, which generates an ID token. The register_openid_user method stores the association between the OpenID user ID and the Veive account.

  2. Signature Validation:

    • When an operation requires an OpenID signature, the verify_openid_signature method is called to validate its authenticity. This process includes:

      1. Decoding the ID token to extract the header, payload, and signature.

      2. Retrieving the OpenID provider's public key to validate the signature.

      3. Verifying the ID token signature using the provider's public key.

      4. Checking the claims to ensure the operation is authorized by the user.

      If all steps are successful, the operation is approved.