# Mod sign OpenID

#### Register credential sequence

{% @mermaid/diagram content="sequenceDiagram
participant User
participant DApp
participant Account
participant ModSign as ModSignOpenID
participant OIDP as OpenID Provider

User->>DApp: Initiate OpenID authentication
DApp->>ModSign: request\_authentication
ModSign->>User: Redirect to OpenID provider
User->>OIDP: Authenticate and authorize
OIDP-->>User: Return authorization code
User->>ModSign: Submit authorization code
ModSign->>ModSign: Exchange code for ID token
ModSign-->>DApp: Return ID token and user claims
DApp->>Account: register\_openid\_user(id\_token)
Account->>ModSign: Store OpenID user association
Account-->>DApp: Confirm registration
DApp-->>User: Display registration success
" %}

#### Signature validation sequence

{% @mermaid/diagram content="sequenceDiagram
participant User
participant DApp
participant Account
participant ModValidation as ValidationModule
participant ModSign as ModSignOpenID
participant OIDP as OpenID Provider

User->>DApp: Request token transfer
DApp->>Account: execute\_user(token\_transfer\_operation)
Account->>Account: Select validation module based on scope
Account->>ModValidation: is\_valid\_operation(token\_transfer\_operation)
ModValidation->>Account: is\_valid\_signature(signature)
Account->>Account: Select sign module
Account->>ModSign: verify\_openid\_signature(id\_token)
ModSign->>ModSign: Decode ID token into header, payload and signature
ModSign->>OIDP: Retrieve public key for token validation
OIDP-->>ModSign: Return public key
ModSign->>ModSign: Validate token signature and claims using public key
ModSign-->>Account: Return (valid/invalid)
ModValidation-->>Account: Return (valid/invalid)
Account->>Account: Execute token transfer operation
Account-->>DApp: Return transaction status" %}

### **Overview**

`ModSignOpenID` is a module within the Veive protocol that introduces authentication and signing via OpenID Connect. OpenID Connect is an authentication layer on top of OAuth 2.0 that lets users authenticate with an external identity provider. This module links an OpenID account to a Veive address and validates signatures by verifying the ID tokens (signed JWTs) issued by that provider.

### **Purpose**

OpenID Connect is a widely adopted authentication protocol supported by major providers such as Google, Microsoft, and others. This means that with a single click, users from the Web2 ecosystem can seamlessly interact with blockchain-based applications without needing to create new credentials. By leveraging OpenID Connect, Veive significantly lowers the entry barrier to blockchain adoption, making it accessible to a broader audience while ensuring security and interoperability.

#### **Key Components in OpenID Connect**

* **ID Token**: A JWT signed by the OpenID provider that carries the user's authentication information (issuer, subject, audience, expiry and any nonce the client supplied).
* **Public Key**: The OpenID provider's signing key, published by the provider and selected by the `kid` in the token header, used to verify the ID token signature.
* **User Claims**: Information about the user returned by the OpenID provider, such as the stable subject identifier (`sub`) that the module associates with the Veive account.

#### **How `ModSignOpenID` Works**

1. **Registration**:
   * Users register by authenticating via an OpenID provider, which issues an ID token. The `register_openid_user` method stores the association between the OpenID user ID (the token's `sub` claim) and the Veive account.
2. **Signature Validation**:
   * When an operation requires an OpenID signature, the `verify_openid_signature` method is called to validate its authenticity. This process includes:

     1. Decoding the ID token to extract the `header`, `payload`, and `signature`.
     2. Retrieving the OpenID provider's public key that matches the token's `kid`.
     3. Verifying the ID token signature using the provider's `public key`, with the expected algorithm pinned rather than taken from the token header.
     4. Checking the claims (issuer, audience, expiry, and that `sub` matches the registered OpenID user) to ensure the operation is authorized by the user.

     If all steps are successful, the operation is approved; any failed step rejects it.
