^ Ask someone who they are
^ make someone write a password down, then ask them who they are and then their password
^ ask someone else to login as anuj
{
name,
signature
}
{
name: "Ice Abuadas",
signature: "Dalia Abuadas"
}
^ Have someone vouch for someone and write it down, have them "login"
^ have someone else copy the grant and login
^ public/private key signing of the grant
^ have someone sign their name on the grant
^ have someone else steal the grant and login
^ have someone else login to the wrong site
const grant = {
name: "Millie",
signature: "Zach Foster",
for: "Francis's website"
}
// hash the serialized grant; the short code stands in for the grant itself
const code = sha256(JSON.stringify(grant))
// 17EED0653B985999187A
^ I trust Zach and we have a secure way to talk and trust each other
^ and Millie logs in and she asks Zach for the code and gives it to me
^ I give it to Zach - if it checks out he gives me the grant
mutation ($code: String!) {
  googleOAuth(input: { code: $code }) {
    authToken
  }
}
// resolver: the browser hands us only the one-time code; the server redeems it with Google
const googleOAuth = async code => {
  const tokenSet = await getOAuthToken(code)          // server-to-server exchange, using our client secret
  const { email } = await fetchGoogleProfile(tokenSet) // the "grant": who Google vouches for
  const user = await graph.User.FINDBY('email', email.toLowerCase())
  return generateLoginToken(user)                      // our own session token, never Google's
}
- protects grants from eavesdropping
- protects grants from forgery
- protects users from phishing
^ Grants given to the server not the user
^ thanks!