Skip to content

Open Beta - v8.6.0
Compare
Choose a tag to compare
@nsjames nsjames released this 16 Aug 00:20
· 689 commits to master since this release
8.6.0
4c85a40

2 way authentication of application origins

These changes are backwards compatible with older non-authenticated version of scatter-js. However whitelist action permissions will not be available when interacting with non-authenticated apps

This update allows stronger verification of origins to allow for permissions to be validated against specific apps.

Application Key

This key is given to Scatter from the app upon approved connections. The app then saves only a hashed version of it to validate itself against Scatter.

Nonce

Along with the application key a nonce ( randomized uuid ) is sent to Scatter along with every request as well as a hashed version of the next nonce. If a nonce is incorrect and doesn't match the assumed next nonce but the app key is correct permissions are dropped and the user is asked to re-authenticate with the application.

Assets 5
Loading