Authentication
Last updated
Last updated
The process of a user using INTO ID to log in to a third-party community that supports INTO ID is shown in the figure below
To access specific user information, third-party communities must first register on the INTO platform. When an end-user logs in, the community can request authorization to access certain information based on its specific needs;
When a user logs into their INTO ID account, a third-party community may request authorization to access specific information such as personal data and social relationships. To illustrate, let's consider the authorization process for social relationships. The diagram below shows the sequence of steps involved:
Here we aim to strike a balance between user convenience and security. Once a user grants access to a community, there is no need to repeatedly authorize access within a certain time frame. As DSB holds the user's private key, it eliminates the need for Auth2.0 and enables authorization through a private key signature. We use the Elliptic Curve Digital Signature Algorithm (ECDSA) to generate and verify the signature. For more information on the algorithm, please refer to the relevant resources