uniauth
| Crates.io | uniauth |
| lib.rs | uniauth |
| version | 2.1.1 |
| source | src |
| created_at | 2022-06-09 23:44:25.932879 |
| updated_at | 2022-08-20 12:57:27.013182 |
| description | Easy-to-use abstraction over authentication |
| homepage | |
| repository | https://gitgud.io/deltanedas/uniauth |
| max_upload_size | |
| id | 602942 |
| size | 59,015 |
(deltanedas)
documentation
README
Uniauth
Easy-to-use abstraction over authentication.
How it works
- Application tells the server of a requested action (for example, to log in) and asks for a nonce.
- Server issues a nonce which will never be used again.
- Application tells the user's local uniauth daemon to sign a challenge using the nonce, service name and username.
- User authenticates/authorizes the action.
- Daemon signs the challenge and response is sent from the application to the server.
- Server verifies the challenge against the user's key(s).
Server
Servers only store public keys, if/when the server is compromised the attacker cannot do anything with them.
Daemon
Uniauth daemons can do anything, from being completely autonomous to using a hardware authenticator.
Signature Algorithms
The application-daemon protocol supports any algorithm with signatures and keys under 65516 bytes long.
Currently Ed25519 and CRYSTALS-Dilithium3 are supported, Ed25519 has tiny signatures and keys, but Dilithium3 is post-quantum safe.