How Does It Work?

Blockin provides the tools needed for every step of the authorization process.

We recommend first checking out the Blockin Demo for a simpler, more visual demonstration. The demo shows what Blockin looks like to the end user. Alternatively, check out BitBadges.

Use Cases

The main use case we envision for Blockin is websites / applications. Access to the website (or specific features) can be gated by Blockin.

However, Blockin is not limited to just websites. It can be used for any use case where authentication is needed and can be especially useful in offline settings with no internet access.

Execution Flow

  1. Generate: First, a sign-in challenge message is generated.

    • This is a human-readable message that outlines all the details of the sign-in attempt (expiration date, privileges, what they need to own to get sign-in access, etc).

    https://bitbadges.io wants you to sign in with your Ethereum account:
    0xb48B65D09aaCe9d3EBDE4De409Ef18556eb53085
    
    Sign this message only if prompted by a trusted party. The signature of this message can be used to authenticate you on BitBadges. By signing, you agree to the BitBadges privacy policy and terms of service.
    
    URI: https://bitbadges.io
    Version: 1
    Chain ID: 1
    Nonce: cPW1vKj0xfTFlrUab
    Issued At: 2024-01-21T18:35:21.141Z
    Expiration Time: 2024-02-04T16:11:29.880Z
    Resources:
    Asset Ownership Requirements:
    - Requirement A1-1 (satisfied if one of B1 is satisfied):
      - Requirement B1-1:
          Chain: BitBadges
          Collection ID: 1
          Asset IDs: 8 to 8
          Ownership Time: Authentication Time
          Ownership Amount: x1
    
      - Requirement B1-2:
          Chain: BitBadges
          Collection ID: 1
          Asset IDs: 9 to 9
          Ownership Time: Authentication Time
          Ownership Amount: x1
  2. Sign: Second, the challenge message is sent to the user. If the user approves of all the sign-in details, they will sign this message with their private key from a blockchain of their choice. This (challenge, signature) pair is then sent back to the resource provider.

    • Note that this is just a signature, so it doesn't cost anything and doesn't add anything (such as a transaction) on the blockchain.

    • Signing also works offline, meaning challenges can be signed and verified in an offline setting.

  3. Verify: The resource provider will verify the (challenge, signature) pair with the help of the Blockin library. If everything is good, the resource provider can then authorize the user.

    • The verification process natively includes checking the user's ownership of on-chain assets / tokens. This can be done in an online manner (fetch the current blockchain state) or offline manner (manually provide a snapshot of balances).

Requirement Levels

The message consists of requirement levels (A1-1, B1-2, etc). To be approved, you ALWAYS need to satisfy all A level requirements. To satisfy an A level requirement, you may need to satisfy one or more B level requirements, which may in turn require C level requirements, and so on.
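
The offline asset check from the Verify step and the requirement levels described above can be evaluated as a tree walk over a balance snapshot. The following is an added example, not Blockin's own code or API: the node shapes (`all`, `any`, leaf), the function names and the snapshot data are assumptions constructed for illustration, and signature verification is assumed to have happened already.

```javascript
// Added example: node shapes ({all}, {any}, leaf) and all names are hypothetical,
// not Blockin's API. The signature is assumed to be verified already.

// Offline snapshot of the signer's balances (constructed sample data).
// Key "chain:collectionId:assetId" -> amount held.
const snapshot = new Map([["BitBadges:1:9", 1n]]);

// Constructed tree mirroring the sample challenge: A1-1 = one of (B1-1, B1-2).
const challenge = {
  expirationTime: "2024-02-04T16:11:29.880Z",
  requirements: { all: [{ any: [
    { chain: "BitBadges", collectionId: 1, assetIds: [8, 8], amount: 1n },
    { chain: "BitBadges", collectionId: 1, assetIds: [9, 9], amount: 1n },
  ] }] },
};

// Leaf check. Assumption: every asset ID in the inclusive range must be held
// in at least `amount`; a balance missing from the snapshot counts as zero.
function leafSatisfied(leaf, balances) {
  const [start, end] = leaf.assetIds;
  if (!Number.isInteger(start) || !Number.isInteger(end) || start > end) return false;
  if (typeof leaf.amount !== "bigint" || leaf.amount < 0n) return false;
  for (let id = start; id <= end; id++) {
    const held = balances.get(`${leaf.chain}:${leaf.collectionId}:${id}`) ?? 0n;
    if (held < leaf.amount) return false;
  }
  return true;
}

// Recursive walk: "all" needs every child, "any" needs at least one.
// Unknown node shapes and empty "any" lists fail closed.
function satisfied(node, balances) {
  if (node === null || typeof node !== "object") return false;
  if (Array.isArray(node.all)) return node.all.every((n) => satisfied(n, balances));
  if (Array.isArray(node.any)) return node.any.some((n) => satisfied(n, balances));
  if (Array.isArray(node.assetIds)) return leafSatisfied(node, balances);
  return false;
}

// Asset part of the Verify step: reject expired challenges, then walk the tree.
function verifyAssets(ch, balances, now) {
  const expires = Date.parse(ch.expirationTime);
  if (Number.isNaN(expires) || now.getTime() >= expires) return { ok: false, reason: "expired" };
  if (!satisfied(ch.requirements, balances)) return { ok: false, reason: "assets" };
  return { ok: true, reason: null };
}

console.log(verifyAssets(challenge, snapshot, new Date("2024-01-22T00:00:00Z")));
```

Holding asset 9 alone is enough here because A1-1 only needs one of its B level children; an empty snapshot or a clock past the expiration time is rejected.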
