This is a value for value post: see the explanation in the footer.
If anyone else wants to look at HAS authentication in Python, the code is all here:
HAS - Hive Authentication Service from Python
First of all HAS is cool, I like the way it operates. If you don't know, HAS is @arcange's authentication service where you give authorisation to a Hive website or dapp using QR codes you snap with Hive Keychain on a phone. Once you are authenticated, if you do anything that requires a signature (liking a post, writing a comment etc.) Hive Keychain will ask again for authorisation.
I've used it quite a bit logging on to public computers where I don't have or can't have Hive Keychain installed. I can log on, do something and then log out and be 100% sure that there is no way anyone else can use my credentials or access my account.
The system also works (mostly) on mobile. There are some technical issues when moving from app to app on phones (I'm using an iPhone) and behind the scenes, support for the underlying websocket protocol could improve, but it does work.
What's the problem we're solving here?
Let's just back up and restate what the problem we're trying to solve is.
When you log on to Facebook or Twitter, you do that with a username and password. Those centralised services check your username and password against their internal database, record that you've logged in and then put an invisible "cookie" on your computer. Every time you ask for a page from their site, their central servers look at your cookie and, if it is valid, let you do anything you're allowed to:
- look at the content you can see,
- post under your name,
- generally make use of their service.
On Hive the websites and dapps you use have a significant difference: there is no central database of usernames and passwords; instead we have public and private keys.
And when we say public keys, we really do mean public: here are my keys for Hive!
The public keys are those things which start with STM.... The beauty of this system is that if you hold the Private Key, you can publicly "sign" a message which proves you have the Private Key to match any of those Public Keys.
Nobody else can do that and you don't need to actually show anyone the Private Key.
Private Key Store APP (PKSA)
Except that signing something with your Private Key is a semi-complex cryptographic challenge which only a computer can really do for you. This is a snippet of code as an example:
For example, the ECC in "ecc.Signature" stands for Elliptic-curve cryptography which is the underlying system a lot of this is based on.
If you ever wondered what Hive Keychain is actually doing in your browser, that fragment of code is the kind of thing which happens when you click yes on a pop up to do something.
The point here is that you aren't sending a key, you're just proving that you have the private key to match the same public key which anyone can see is recorded in your Hive profile.
Hive Keychain, Hivesigner and PeakLock are all PKSAs - Private Key Store Apps. You have to trust your private keys to those services and they shouldn't let your keys out, only sending signatures back to services that need to know you are you.
Side note: delegated authority
You can see in my list above that my Posting section is big: each of the names in that section has been given Posting Authority by me. If one of those accounts signs a transaction from me but with their posting key, not mine, it will be accepted as coming from me.
Making HAS work in Python
I started out with the idea that I would like to have a Python only based website, probably using the framework Flask. A long time ago when I was learning to code again, I managed to integrate Hive Keychain sign in with Flask and that work is here:
Once I actually started to implement HAS (and you can see the first failed attempt here) I realised this was a slightly bigger thing to implement than I thought.
I'm not sure why I did this after coming to realise how I should be using HAS, but I kept on going and set myself the challenge of doing the complete authentication in Python from the protocol documents which @arcange has posted.
Well I've done it. The code is not really finished because I haven't really figured out how this can be used but it's up there and open.
There's a stub of a command line which can authenticate a Hive account and I have behind the scenes code to sign any challenge and send any transactions.
If anyone else wants to look, the code is all here. It's a bit of a mess right now but I want to improve it, especially if anyone tells me they're interested in using it:
In addition, I'm traveling to Australia soon with @apshamilton for our first in person court hearing on the Crypto Class Action.
Thanks to @arcange
All of this work stems from @arcange and I had numerous calls with him to get to this point. We found a couple of tiny issues with the documentation but he has built a remarkably solid solution.
I feel sure that there are probably some uses for this Python interface and one in particular I'm thinking about is a way to authenticate with Hive for using an API. If anyone reading this likes that idea, get in touch with me.
Value for Value
For the last few months while building @v4vapp I was generously supported by the DHF. Going forward I have a much more modest support which covers direct server costs and a little of my time.
If you appreciate the work I do on and around Hive, you can express this directly: upvoting posts on Hive is great. Also consider a direct donation (there's a Tip button on Hive or a Lightning Address) on all my posts.