Passport
  • 👩‍💻Welcome
  • How Passport Works
    • Overview
    • Background
      • Threshold Cryptography
      • Secure Multi-Party Computation
      • Distributed Architecture
      • Secure Enclaves
    • In Depth
      • Under the Hood
      • User Flows and Account Controls
      • The Halides Model
      • End-to-End Encryption
      • Security
      • Node Operation
  • guides and examples
    • Getting Started
    • Quickstarts and Examples
      • Passkey Account
      • Clerk Auth
      • Lambda Quickstart
  • Authentication
    • Overview
    • Configuring your scope
    • Passkeys
      • Registration
        • Register using SDK
        • Register using API
          • Initiate Registration
          • Complete Registration
      • Authentication
        • Authenticating with SDK
        • Authenticating with API
          • Initiate Authentication
          • Complete Authentication
    • Developer Owned Auth
      • Registration
        • Register using SDK
        • Register using API
          • Delegate Registration
  • Wallet Operations
    • Overview
    • Passkeys Signer
      • Sign Message
        • Sign Message SDK
        • Sign Message API
      • Sign Transaction
        • Sign Transaction SDK
        • Sign Transaction API
    • DOA Signer
      • Sign Message
        • Sign Message SDK
        • Sign Message API
      • Sign Transaction
        • Sign Transaction SDK
        • Sign Transaction API
    • Viem Support
  • Programmability
    • Overview
    • Passport Lambda
    • Lambda Functions
      • Create Lambda
        • Create Lambda SDK
        • Create Lambda API
      • Execute Lambda
        • Execute Lambda SDK
        • Execute Lambda API
      • List Lambda
        • List Lambda SDK
        • List Lambda API
  • Appendix
    • Moving to Mainnet
    • State Of The Network
    • Generating DOA Keys
    • API Request Setup
      • Unauthenticated Requests
      • Authenticated Requests
Powered by GitBook
On this page
  • Request Spec
  • Response Spec
  • Request Example
  • Response Example
  1. Authentication
  2. Developer Owned Auth
  3. Registration
  4. Register using API

Delegate Registration

PreviousRegister using APINextOverview

Last updated 1 year ago

To register a user with DOA using the API you first need to make sure you have the values for your request headers set up by following the Unauthenticated Requests setup guide.

Once you have your values for X-Scope-Id, X-Encrypted-User and X-Encrypted-Key setup, You can now initiate a delegated user registration.

Post that, you would need your own unique private key which you would use for signing. Follow the below guide ot generate it. Generating DOA Keys

The delegateRegister method registers a specific user within a specific scope. It generates user blockchain account on the backend and returns account_id and identifier_hash back.

Request Spec

HTTP Method: POST

    • X-Scope-Id: A UUID string representing the application scope.

    • X-Encrypted-Key: A string containing the encrypted key for secure communication.

  • Body:

    • encrypted_credential: A JSON object carrying the attestation with its signature

    • encrypted_user: User details json encrypted using aes key

const cryptoObj = typeof window !== "undefined" ? window.crypto : crypto;

const decrypt = async (algo, key, data) => {
  try {
    const decryptedResult = await cryptoObj.subtle.decrypt(algo, key, data);
    return decryptedResult;
  } catch (error) {
    console.error("Decryption error:", error);
    throw error;
  }
};

const aesDecrypt = async (
  cipherText: string,
  encryptionKey: BufferSource,
  keyFormat: "raw" = "raw",
  keyLength: number = 256
) => {
  if (!encryptionKey) {
    throw Error("Encryption key not initialized");
  }
  let cryptoKey: CryptoKey;
  let decryptedData: ArrayBuffer;

  try {
    const combined = Uint8Array.from(atob(cipherText), (c) => c.charCodeAt(0));
    const iv = combined.slice(0, 12);
    const encryptedData = combined.slice(12);

    cryptoKey = await importKey(keyFormat, encryptionKey, { name: "AES-GCM", length: keyLength }, [
      "decrypt",
    ]);

    decryptedData = await decrypt({ name: "AES-GCM", iv }, cryptoKey, encryptedData);

    const decoder = new TextDecoder();
    return decoder.decode(new Uint8Array(decryptedData));
  } catch (error) {
    console.error("AES-GCM Decryption error:", error);
    throw error;
  }
};
const userDetails = {
   username: payload.emailAddress,
}
const encrypted_user = await aesEncrypt(JSON.stringify(userDetails), aesKey);

const privateKeyBase64 = "your_base_encoded_kkey";

function createSignature(data, privateKey) {
  const sign = crypto.createSign('SHA256');
  sign.update(data);
  sign.end();
  return sign.sign(privateKey, 'base64');
}

function getPublicKey(privateKey) {
  const publicKey = crypto.createPublicKey(privateKey);
  const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
  return publicKeyDer.toString('base64');
}

async function sign(options) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.from(privateKeyBase64, 'base64'),
    format: 'der',
    type: 'pkcs8',
  });

  const signature = createSignature(options, privateKey);
  const publicKeyId = getPublicKey(privateKey);

  return {
    kind: 'key', // Assuming 'Key' is the kind of credential you want to specify
    id: publicKeyId,
    clientData: options,
    signature: signature,
    algorithm: "SHA256",
  };
}

const signature = await sign(encrypted_user);

const attestation = await aesEncrypt(JSON.stringify(signature), aesKey);

Response Spec

  • Success:

    • account_id: A UUID string that uniquely identifies the user's account.

    • identifier_hash: A string representing the hash of the user's identifier.

  • Error: An object containing error details.

Request Example

POST / HTTP/1.1
Host: tiramisu.0xpass.io
Content-Type: application/json
X-Scope-Id: 123e4567-e89b-12d3-a456-426614174000
X-Encrypted-Key: jp6...yKg==

{
  "jsonrpc": "2.0",
  "method": "delegatedRegistration",
  "params": {
    "encrypted_credential": { 
      KeySignature: {{attestation}}
    },  
    "encrypted_user": "JZV...Ug=="
  },
  "id": 1
}

Response Example

HTTP/1.1 200 OK
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "result": {
    "account_id": "456e4567-e89b-12d3-a456-426614174000",
    "identifier_hash": "0x25e...1617"
  },
  "id": 1
}
Headers