Documentation

[varsha766]

1. Implementation using web-socket

Hypersign-auth-js-sdk use websocket to communicate to client or browser. In websocket once we establish a connection we need not to poll server every time whether user is authenticated or not, server send message every time it get any information.
Sequence Diagram
Step to authenticate user using hypersign-sdk

1. User visits the browser (Relying Party Client)and enter the URL to go to login page.It establishes a connection with Relying party server using web-socket.
2. Relying Party Client requests Relying Party Server to start a new session.
3. Relying Party Server generates new Challenge message.
4. Challenge message is sent to Relying Party Client using websocket.
5. Challenge message is shown in the form of QR code or Hypersign Login button. When User click on button or Scan QR code challenge message goes to Hypersign Identity wallet.
6. Wallet has users private key and using digital signature message is signed with users private key.
7. Challenge message and signature is sent to Relying party server via /auth API.
8. Server verifies the signature with the help of users public key using authenticate middleware. And sends a success/ failure message to Hypersign Identity wallet.
9. Wallet window closes after getting notification.
10. Relying party Server also notify to the Relying Party client that user is authenticated and also send accessToken.
11. accessToken is stored in local storage for authorization.
12. Close Websocket connection and give access to user.

2. Implementation using poll mechanism

We can also use polling mechanism to establish connection to node server and browser. For implementing this we have to use two more APIs one for creating new-session (let say "/challenge" API) and another to poll (let say "/poll" API) every time to check whether user is authorized or not.
Sequence Diagram
Steps to authenticate a user using Hypersign Auth Sdk

1. User visits the browser (Relying Party Client)and enter the URL(lets say http://localhost:5000) to go to login page.
2. Relying Party client request Relying Party server for new session by calling /challenge API .
3. Relying Party Server generates new Challenge message.
4. Challenge message is sent to the Relying Party Client.
5. Relying Party client show this message in the form of QR code or Hypersign Login button.
6. At this point polling starts Relying Party Client continues to poll Relying Party Server using /poll API to know whether user is authenticated or not.
7. Until user get authenticated relying Party Server send "unauthenticated" as response to Relying Party Client polling request.
8. When User click on Hypersign login button or Scan QR code challenge message goes to wallet.
9. Wallet has user private key and using digital signature message is signed with users private key.
10. Challenge message and signature is sent to Relying Party Server via /auth API .
11. Relying Party Server verifies the signature with users public key using authenticate middleware. And send a success/ failure message to Hypersign Identity wallet.
12. Hypersign Identity Wallet window get closed.
13. At this point Relying Party Server sends "authenticated" as response of polling request (Relying Party Client sending this request continuously in fixed time-interval ) and accessToken is passed to Relying Party Client.
14. Relying Party Client stores accessToken in local storage for user authorization.
15. Polling ends.
16. User got access.