The user has a wallet that contains the user's private key.
The private key can be used to sign a msg, and the signed msg can then be verified!
The public address of the private key can be derived from the signed msg by comparing the signed msg hash and the original msg.
The browser can create a random password and then use it as a starting point for sign-up.
The browser can hold a session (JWT token) generated by the server and ask for a refresh whenever needed.
The JWT token has two fixed expiry times: one for resource usage and one for refreshing the token. This can tell the server whether the user is online, inactive or offline.
This approach has no forgot-password flow :)
- Generate a random password
- Store Password in browser
- Connect Wallet
- Ask for a msg from server
- Sign a msg
- Post Signed msg
- Server Responds with Session token (JWT)
- Store Session
- [FUTURE]
- OAuth / Email / other methods
- Add Password Recovery
- Done !
MSG = uuid.New()
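
The "ask for a msg", "sign a msg" and "post signed msg" steps above, as an added example that is not code from the original notes. It substitutes Ed25519 from the Go standard library for the wallet's signature scheme and treats the hex public key as the address; `Server`, `Issue`, `Verify` and the `login:` message layout are assumptions, and the nonce comes from `crypto/rand` in place of `uuid.New()`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

type challenge struct {
	msg     string
	expires time.Time
}

// Server is a hypothetical in-memory store: one pending challenge per address.
// It is not goroutine-safe; guard pending with a mutex behind an HTTP handler.
type Server struct{ pending map[string]challenge }

// Issue creates the random MSG for addr (hex public key, assumed address format).
func (s *Server) Issue(addr string, ttl time.Duration) string {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	c := challenge{"login:" + addr + ":" + hex.EncodeToString(nonce), time.Now().Add(ttl)}
	s.pending[addr] = c
	return c.msg
}

// Verify consumes the challenge, so a captured signature cannot be replayed,
// then checks expiry and the signature over the exact MSG that was issued.
func (s *Server) Verify(addr string, sig []byte) bool {
	c, ok := s.pending[addr]
	delete(s.pending, addr)
	pub, err := hex.DecodeString(addr)
	if !ok || err != nil || len(pub) != ed25519.PublicKeySize || time.Now().After(c.expires) {
		return false
	}
	return ed25519.Verify(pub, []byte(c.msg), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed wallet key
	s := &Server{pending: map[string]challenge{}}
	addr := hex.EncodeToString(pub)
	sig := ed25519.Sign(priv, []byte(s.Issue(addr, time.Minute)))
	fmt.Println(s.Verify(addr, sig), s.Verify(addr, sig)) // login, then replay
}
```

The server would issue the session JWT only when `Verify` returns true.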