Skip to content

mohrt/oneblock-server-php

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
api
api
 
 
css
css
 
 
font-awesome
font-awesome
 
 
fonts
fonts
 
 
img
img
 
 
js
js
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
index.php
index.php
 
 
logout.php
logout.php
 
 
oneblock_schema.sql
oneblock_schema.sql
 
 

Repository files navigation

Title: 1Block address authentication server-side API protocol (1Block)
Author: Monte Ohrt @mohrt
Status: Draft

API

  • Run the database schema on your mysql server.
  • Check api/DAO.php for db setup.
  • Place the contents of this repo in the root folder of your web server.
  • Be sure .htaccess is allowed from apache

The 1Block server-side is a REST API that must adhere to the following protocol.

These endpoints can reside on a longer URL path, they are shortened to a single word for brevity.

GET /login

This endpoint will generate a challenge string of the format:

HTTPS: oneblock://{host}/{path}/login?x={nonce}

HTTP: oneblock://{host}/{path}/login?x={nonce}&u=1

host = hostname for service path = URL path to login REST endpoint nonce = unique 32 char hex string

RETURN:

Header: Content-Type: application/json

Body: {"challenge":"CHALLENGE_STRING"}

OPTIONS /login

More recently browsers are checking OPTIONS before a POST. Handle the request and set access control.

headers: Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type

POST /login

headers: Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type

This endpoint needs to use a Bitcoin library to verify the signature against the public address. if valid, the address is used to identify the account (or register a new one if applicable.) It will respond with 200 for success and 403 for invalid. It willreturn a JSON payload of:

{"hasRevoke":1}

or

{"hasRevoke":0, "revokeURL":"URL"}

If this is an existing account hasRevoke will be set to 1. If not, a revokeURL must be supplied, something like: "https://host.dom/path/to/setrevoke". The client will then respond with the revoke information to this endpoint. This happens only for new

POST /check

This endpoint is repeatedly checked from the website to see if a successful login has been completed. If so it sets up the session redirects the user to a logged in page.

POST /setrevoke

This is the endpoint to set the revoke data on a new account. This happens on the first registration of the ID.

OPTIONS /setrevoke

More recently browsers are checking OPTIONS before a POST. Handle the request and set access control.

headers: Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type

POST /revoke

This is the endpoint to revoke and replace an ID.

OPTIONS /revoke

More recently browsers are checking OPTIONS before a POST. Handle the request and set access control.

headers: Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages