This bounty is no longer available

Login With G$ SDK - 3500$ worth of G$

Organization

gooddollar

Deadline

in over 262 years

Status

ENDED

3500 USD

INSTRUCTIONS

Motivation

  • The G$ Wallet should also work as a "self-sovereign identity" so users can easily register with services that work with G$.
  • Moreover, each claimer is verified as a unique human being, which acts as very good spam/bot prevention and is useful for any service that requires registration.

Details

The bounty has two parts, one for implementing this feature in the wallet and the second part is for creating an SDK for developers that want to integrate it with websites and apps.

The login process is simple:

  • The website/app shows a link/button/QR code to the user which opens https://wallet.gooddollar.org/loginwith/?login=encodedrequest
  • The wallet then shows the user a confirmation screen with the request details
  • If the user confirms or denies, the wallet sends the data via the callback url or the redirect url
  • The website/app parses the response and continues its own login flow

Login link

  • [ ] create a separate package "LoginSDK" that handles login link creation/parsing
  • [ ] add a method to generate the link. it has the form of "https://wallet.gooddollar.org/loginwith/?login=" + encoded request
    • [ ] the encoded request is a json object encoded with base64 and encodeURIComponent
    • [ ] the request object has the following fields
      • v: string - name of the vendor
      • web: url - vendor url
      • id: string - vendor whitelisted G$ address
      • cbu: url - callback url
      • rdu: url - redirect url
      • r: array - an array with extra user information fields requested (ie mobile,location,email,avatar,name)
  • [ ] add a method to parse a payment link and return an object/class with long field names (ie vendor for v etc..)
  • see share/index.js in GoodDAPP for similar link handling example
  • [ ] unit tests

Wallet Changes

  • [ ] add the loginwith route
  • [ ] create a confirmation screen
    • [ ] show the details of the vendor
    • [ ] show the details the vendor requests and the values that will be shared
    • [ ] if cbu/rdu domain is different than web domain show warning
    • [ ] if id (wallet address of vendor) is not whitelisted show warning
    • [ ] mobile/location/email/name should be editable by user (see payment confirmation screen for example)
  • [ ] handle user response
    • [ ] if the user declines, send an error object via POST to the cbu and a base64-encoded one via the rdu
    • [ ] if user confirms send the response object with the fields:
      • a: string - wallet address
      • v: bool - true if user address is whitelisted
      • l: string - user location
      • n: string - user name
      • e: string - user email
      • m: string - user mobile
      • av: string - user small avatar CID on ipfs
      • nonce: number - timestamp of response
      • sig: all of the response signed by the user wallet(address) private key
    • [ ] detail fields (location, email, mobile) should actually be a pair v,s, where v is the actual value and s is the value signed by GoodDollar, if available. For example, a response containing just the user mobile would look like: {m: {v:'+97255111111', s:signaturebytes}}
    • [ ] sign the keccak256 hash of the stringified json object using the user wallet private key, so the vendor can verify that the user actually owns the address he sent and that he sent those details. Add the signature as the sig field
    • [ ] send data to rdu/cbu
      • [ ] if rdu is supplied then wallet should modify the current window url to the rdu url and append the param login with value of encodeURIComponent(btoa(JSON.stringify(responseObject)))
      • [ ] if cbu is supplied then perform a POST request and send the responseObject as plain json
      • [ ] if only cbu is supplied then after the POST request succeeds, close the current window
  • [ ] unit tests
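
The login link format from the "Login link" section and the cbu/rdu domain and whitelist warnings from "Wallet Changes", sketched together for Node.js. This is an added example, not code from the bounty or from GoodDollar; the function names, the long field names, the `isWhitelisted` lookup and the sample values are assumptions.

```javascript
// Added example, not GoodDollar's LoginSDK; function names are hypothetical.
const WALLET_LOGIN_URL = 'https://wallet.gooddollar.org/loginwith/?login=';

// Short wire names from the request object mapped to long names for callers.
const FIELD_NAMES = { v: 'vendor', web: 'website', id: 'vendorAddress',
  cbu: 'callbackUrl', rdu: 'redirectUrl', r: 'requested' };

function createLoginLink(request) {
  // JSON -> base64 -> encodeURIComponent. Buffer encodes UTF-8, so vendor
  // names outside Latin-1 survive (browser btoa would throw on them).
  const b64 = Buffer.from(JSON.stringify(request), 'utf8').toString('base64');
  return WALLET_LOGIN_URL + encodeURIComponent(b64);
}

function parseLoginLink(link) {
  // searchParams.get() already percent-decodes, restoring '+', '/' and '='.
  const encoded = new URL(link).searchParams.get('login');
  if (!encoded) throw new Error('missing login parameter');
  const raw = JSON.parse(Buffer.from(encoded, 'base64').toString('utf8'));
  const parsed = {};
  for (const [wireKey, longKey] of Object.entries(FIELD_NAMES)) {
    if (raw[wireKey] !== undefined) parsed[longKey] = raw[wireKey]; // unknown keys dropped
  }
  return parsed;
}

// Warnings for the confirmation screen. Hostnames are compared exactly, so a
// subdomain of the vendor site also counts as different (an assumption).
// isWhitelisted is a caller-supplied lookup for the vendor address.
function requestWarnings(parsed, isWhitelisted) {
  const warnings = [];
  const webHost = new URL(parsed.website).hostname;
  for (const key of ['callbackUrl', 'redirectUrl']) {
    if (!parsed[key]) continue;
    const host = new URL(parsed[key]).hostname;
    if (host !== webHost) warnings.push(`${key} domain ${host} differs from ${webHost}`);
  }
  if (!isWhitelisted(parsed.vendorAddress)) warnings.push('vendor address is not whitelisted');
  return warnings;
}

// Constructed sample request: the callback URL points at a different domain.
const SAMPLE_REQUEST = {
  v: 'Example Shop', web: 'https://shop.example',
  id: '0x0000000000000000000000000000000000000001',
  cbu: 'https://collector.example/cb', rdu: 'https://shop.example/login/return',
  r: ['email', 'name'],
};
```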

Server LoginSDK

  • [ ] add method to parse and verify login response
    • verify sig matches the response object and that it was done by the address specified in a
    • verify nonce is not too old
    • verify on blockchain from Identity contract that address is still whitelisted if v was true
  • [ ] unit tests
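
A sketch of the server-side checks listed above, applied to the `login` parameter that arrives on the rdu. This is an added example, not code from the bounty or from GoodDollar: the function names, the five-minute window, the millisecond nonce unit and the caller-supplied `recoverSigner` (which must do the keccak256 hashing and secp256k1 recovery) are assumptions, and the stand-in recoverer contains no cryptography.

```javascript
// Added example, not GoodDollar's LoginSDK; all names here are hypothetical.
const MAX_AGE_MS = 5 * 60 * 1000; // assumed window; the spec sets no number

// Reverse of encodeURIComponent(btoa(JSON.stringify(responseObject))).
function decodeLoginParam(param) {
  const b64 = decodeURIComponent(param);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// recoverSigner(message, sig) must hash the message with keccak256 and return
// the secp256k1 signer address, or null. It is supplied by the caller.
function verifyLoginResponse(response, { recoverSigner, now = Date.now() }) {
  const { sig, ...unsigned } = response; // rest keeps the original key order
  if (typeof sig !== 'string' || typeof unsigned.a !== 'string') {
    return { ok: false, reason: 'missing sig or address' };
  }
  // nonce is the response timestamp (assumed to be in milliseconds).
  const age = now - unsigned.nonce;
  if (!Number.isFinite(age) || Math.abs(age) > MAX_AGE_MS) {
    return { ok: false, reason: 'nonce outside freshness window' };
  }
  // Assumption: the wallet signed JSON.stringify of the object before sig was
  // added, so re-stringifying the parsed object reproduces the signed bytes.
  const signer = recoverSigner(JSON.stringify(unsigned), sig);
  if (!signer || signer.toLowerCase() !== unsigned.a.toLowerCase()) {
    return { ok: false, reason: 'signature not made by address in a' };
  }
  // v is only the wallet's claim; the caller still checks the Identity contract.
  return { ok: true, address: unsigned.a, checkWhitelist: unsigned.v === true };
}

// Constructed sample and a stand-in recoverer (no cryptography) so the flow
// runs offline; production code passes a real secp256k1 recovery function.
const SAMPLE_ADDRESS = '0x00000000000000000000000000000000000000aa';
const standInRecover = (msg, sig) => (sig === 'signed:' + msg ? SAMPLE_ADDRESS : null);

function sampleLoginParam(nonce) {
  const body = { a: SAMPLE_ADDRESS, v: true, e: { v: 'user@example.org' }, nonce };
  const response = { ...body, sig: 'signed:' + JSON.stringify(body) };
  return encodeURIComponent(Buffer.from(JSON.stringify(response)).toString('base64'));
}
```

A freshness window still accepts the same response more than once inside that window; recording each accepted address and nonce pair until it expires closes that gap.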

Client LoginSDK

  • [ ] add react component that handles the login flow from the website/app perspective
  • [ ] show a login button that opens the login link
  • [ ] in case of rdu current window url changes to the login link on button press
  • [ ] in case of cbu button press opens a popup window with the login link
  • [ ] component should receive onLogin callback in props
  • [ ] in case of cbu, component should detect when popup was closed and then call the onLogin callback (it is the responsibility of the developer to take care of the rest of the flow and making sure callback was triggered on backend)
  • [ ] in case of rdu, component should parse the window url on mount and look for the login param, to identify the case of redirect back from wallet. if login param was found it should parse the response and verify it, using the LoginSDK and trigger the onLogin with the SDK result
  • [ ] unit tests

Documentation

Write a README with instructions on how to use the API