Introduction

The Scrypta identity system is divided into two fundamental components, the first concerns the management of strictly digital identities, that is, the Lyra addresses; the second concerns the authentication of addresses with external authenticators.

The first component can be managed in various ways, but basically it concerns the .sid files we mentioned in the Scrypta Core documentation. These identity payloads can be managed through:

The second component can be used through an identity gateway, such as the one that Scrypta makes available through the URL: https://me.scrypta.id/ or through other gateways made available by other external subjects.

The identity payloads, whose structure deals only with addresses, have an additional property called identity:

{
"pub":"LLLjx7yV4nhUzSapBAHogb5BdgUR6VCB3o",
"api_secret":"33239857dbe3d37fd35b807578a0132b",
"key":"03097163386854cde5801aec574948e15b9e24c79da65414d4e5588e7140846165",
"prv":"SnvpeER7kdeMFGRimBzV5EJfX2ZfxmAQwin1qAHD2kXb8XRF983g",
"identity": {
Provider: {
"identity": {
"created_at": Timestamp,
"method": Provider,
"username": Username,
"token": TokenReleasedByProvider
},
"fingerprint": PayloadSignedByGateway
}
}
}

As we can guess, for each Provider (Twitter, Github, e-mail) after verification by the Gateway, a payload is written containing:

  • created_at: the operation timestamp.

  • method: a repetition of the provider used.

  • id: the id of the user at the provider.

  • username: the username at the provider.

  • token: the token issued by the provider (which can be used to verify the account).

This payload is signed by the gateway (whose private key must reside within it) and the signature is inserted in the fingerprint property.

This same payload is signed by the address that requires authentication. The signature is written inside the blockchain so that it can be compared for verification with the one presented by the user during the identification phase.

Note. the identity payload is again encrypted and the custody is still left to the user, this to ensure decentralization and security.