Skip to content

Instantly share code, notes, and snippets.

@jdogresorg
Last active November 20, 2016 20:11
Show Gist options
  • Save jdogresorg/782d697c610f543ad0d7da615160a4b2 to your computer and use it in GitHub Desktop.
Save jdogresorg/782d697c610f543ad0d7da615160a4b2 to your computer and use it in GitHub Desktop.
Description of Authparty authentication scheme which extends the counterparty: url scheme to support actions and callbacks
  Title: QR Authorization spec
  Author: Jeremy Johnson 
  Status: Draft
  Type: Informational
  Created: 2016-11-20

This extends the counterparty url scheme to add support for message signing and a callback

counterparty:<address>?[message=<message>][action=<action>][callback=<url>]

Additional Query keys

  • action: action to perform [sign, broadcast, bet]
  • callback: URL to do form POST callback to

Callback

A callback to the specified url will be called once the action is performed, and any data will be passed via a POST request.

The callback URL must be a valid URL beginning with http: or https:

When passing querystring parameters for a callback url, the URL must be a URL encoded value.

URL:

https://www.domain.com/folder/script.php?api_key=keyhere&foo=bar

Encoded URL:

https%3A%2F%2Fwww.domain.com%2Ffolder%2Fscript.php%3Fapi_key%3Dkeyhere%26foo%3Dbar

sign Callback Data

When the action is sign the callback data will contain :

  • address: address that signed the message
  • message: message that was signed
  • signature: signature of message signed with address

The callback data will also include any querystring parameters specified in the callback url.

Examples

Sign message with address and return data to callback url:

counterparty:1FwkKA9cqpNRFTpVaokdRjT9Xamvebrwcu?action=sign&message=Authparty+Login+BJybUUzYzVuHaUd&callback=https://domain.com/script.php

Broadcast message from address:

counterparty:1FwkKA9cqpNRFTpVaokdRjT9Xamvebrwcu?action=broadcast&message=AUTHPARTY+VERIFY-ADDRESS+UMIXIJAnvwbZDax

UI Suggestions

If action is specified, verify action with user to ensure action is truly desired.

If no address is provided (counterparty:?), prompt user to select address, or use current/default address.

If action is sign and no callback is specified, display the sign message dialog to the user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment