Welcome to Sauth!

Are you a developer looking to integrate Solar authentication into your app?
Meet Sauth, an authentication service that lets your users log in (and log out) using their Solar addresses.
Sauth is free to use and is built and hosted by block producer emsy.

Introduction

As a developer myself I have created several blockchain apps, such as a play-to-earn game, that use Solar wallet authentication. Duplicated code usually smells and should get its own central place, which inspired me to create a free public authentication service.
The authentication process consists of two actions, login and logout. Each action has its own flow and subprocesses; logging out is the simpler one. At the login stage the app developer requests a unique message from Sauth, which the app user then signs with their mnemonic. Next, the app developer submits the signed message to Sauth for verification. If the signature verifies, Sauth logs the user in by sending a transaction to the Solar network; the memo field of that transaction records the authentication state. The fees for those transactions are covered by block producer emsy.
Sauth offers
  • ✅ Proof of ownership through BIP340 (Schnorr) message signing.
  • ✅ Storage of authentication state on the Solar network.
  • ✅ A simple HTTP interface to communicate with.

Getting started

Currently you need to register for an API key in order to use Sauth. This is to prevent malicious use, such as bots draining the Sauth wallet. Contact emsy on Discord (handle in the footer of this page) to request a free API key, and make sure to provide the following information:

  • The name of your app (one API key per app; you may request multiple if you like).
  • Your Telegram or Discord handle (so I can contact you).
emsy reserves the right to disable API keys at any time.

Logging in

The login action consists of three steps: requesting a unique message, having the user sign the message with their mnemonic, and verifying the signed message. The last step is what actually logs your user in, by storing the authentication state on chain.
Perform these steps ONLY at the moment the user has entered their mnemonic into your app and clicked the login button. Do NOT store or cache the user's mnemonic, and be careful with logging: you do not want to accidentally write mnemonics to log files. Sauth only ever receives the public key and the signature, so signing can (and should) happen right where the user enters the mnemonic; there is no need to transmit the mnemonic anywhere.
1. Authorization
Sauth authorizes every request with your API key. Pass it in the Authorization header of your HTTP request as a Bearer token:

Authorization: Bearer :apiKey

2. Requesting a unique message
The app developer requests a unique message from the Sauth API for the user's public key. Sauth generates a random message (the secret) and stores it together with the public key; this stored pair is the reference used in the verification step.

URL
POST https://sauth.emsy.nl/api/secret 
Body
{"publicKey":"020723cae7319ebd6e96689921789f949aa1896b4707426b1f6202bb131b9f941e"} 
Response
{"secret":"b45bccaa-58df-484b-8599-2e6e69529ef6"}
3. Signing the message
Now that you have the message from step 2, have the user sign it (BIP340) with their mnemonic; the @solar-network/crypto package can do this. Keep hold of the resulting signature, as it is required for step 4.
4. Verifying signed message
At this stage you should have the user's public key and the signed message. Together they prove ownership of the address; the app developer submits both to Sauth for verification, and on success Sauth logs the address in. Treat the user as logged in only when the response reports verified: true, not merely because the request returned successfully.

URL
GET https://sauth.emsy.nl/api/login/:publicKey/:signedMessage 

Parameters
  • :publicKey string, 66 hex characters (the 33-byte compressed public key).
  • :signedMessage string, 128 hex characters (the 64-byte BIP340 signature).
Response
{"publicKey":"020723cae7319ebd6e96689921789f949aa1896b4707426b1f6202bb131b9f941e","verified":true,"transactionId":"90ecfd7260a138fb9447aebf28681d15c8a3ef10e63ad69fe05577847118da30"}

Logging out

Logging out is the easiest action, as you only have to send a request to Sauth with the user's public key. This action is also stored on the Solar network, since Sauth updates the user's authentication state on chain. Note that logout is authorized by your API key alone, not by a user signature, so protect the key accordingly and never ship it in client-side code.

1. Authorization
As with login, Sauth authorizes the request with your API key. Pass it in the Authorization header of your HTTP request as a Bearer token:

Authorization: Bearer :apiKey

2. Sending the request
The app developer sends a request to the server to log out an address.

URL
GET https://sauth.emsy.nl/api/logout/:publicKey 

Parameters
  • :publicKey string, 66 hex characters (the 33-byte compressed public key).
Response
{"transactionId":"90ecfd7260a138fb9447aebf28681d15c8a3ef10e63ad69fe05577847118da30"}

Feel free to contact me on the Solar Discord server (emsy#8544) if you need any assistance.

Open Sauth address (Solarscan)