Pull up MYKEY for authentication binding. See the class definition for the parameters: and
For greater security, dapp can set CallBackUrl for server-side verification.
MYKEY will post the signed data to CallBackUrl which provided by dapp, server-side of DApp should verify the signature, dapp server should query the user's ReserveKey from MYKEY SmartContract data to verify the signature, see detail in .
The format of the data post to CallBackUrl:
{
"protocol":"", // protocol name,Use init method, protocol name is 'MYKEY', use initSimple to init, protocol name is 'MYKEYSimple'
"version":"", // Version,1.0
"dapp_key":"", // DAPP_KEY assigned by MYKEY,contact MYKEY team to apply. In simple mode, it is null
"uuID":"", // user id,dapp passed it in init method;In simple mode, it is device id
"sign":"", // eos signature, sign data:timestamp + account + uuID + ref
"ref":"", // ref, mykey
"timestamp":"", // UNIX timestamp, accurate to second
"account":"", // eos account name
"chain": "" // value could be ANY, EOS, ETH,or not pass this param
}
Verify signature:
// generate unsignedMessage
let unsignedData = timestamp + account + uuID + ref
// publicKey: ReserveKey of MYKEY,can be quired from SmartContract https://github.com/mykeylab/Documentation/blob/master/English/MYKEY%20on%20EOSIO.md#keys-in-table-keydata
ecc.verify(signature, unsignedData, pubkey) === true
dapp should provide response of CallBackUrl call to MYKEY:
{
"code":0, // error code,=0 is success. >0, dapp should describe error in message.
"message":"" // message
}