New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add a flag in loginOauth function to skip setup tkey #120

Open

himanshuchawla009 opened this issue Apr 30, 2024 · 1 comment

Assignees

Labels

Member

himanshuchawla009 commented Apr 30, 2024

This can be used to migrate sfa keys to mpc without multiple logins
We need to make sure that setupTkey and importTssKey function is secure enough to not allow imports from unauthenticated users

himanshuchawla009 added the enhancement label

himanshuchawla009 assigned ieow

ieow added the v3 label

Contributor

ieow commented May 7, 2024 •

edited

Loading

Recommended flow to support migration

Dev maintain DB tracking migrated user after user click on button to migrate

Create a button for migrate from sfa to mpc. accessible after user login in to sfa
- retrieve sfa final key
- login in to mpc with sfa key as importTssKey ( using mpc sdk)
- delete sfa Final key from sfa sdk
save migrated user to DB ( done by dev)
on next user login, check DB if user is migrated,
- Yes, proceed login with mpc sdk
- No, proceed login with sfa sdk

Force User to migrate on login

Split mpc login function to login and setupKey. Check for newUser in between the flow
- login with jwt/oauth
- check corekitStatus ( will return newUser or existing User )
  - newUser - prompt user for migration, make user login again with sfa
    - using sfa key continue setupKey and provide sfa key as importTssKey
  - existingUser - continue setupKey flow

ieow mentioned this issue

feat: split login flow to login and setup #142

Draft

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment