QR code authentication service for the Tana blockchain.
tana-identity enables passwordless authentication where users scan QR codes with their mobile app instead of entering credentials. the mobile app holds Ed25519 private keys and signs challenges. desktop browsers never see private keys.
when a web application needs to authenticate a user, it creates a session with tana-identity and displays the QR code. the user scans it with their mobile app, which extracts the challenge and signs it with their private key. the identity service verifies the signature and issues a session token.
web app          mobile app              identity service
|                     |                          |
|----create session----------------------------->|
|<---QR data + session ID------------------------|
|                     |                          |
|---display QR------->|                          |
|---listen SSE---------------------------------->|
|                     |                          |
|                  scan QR                       |
|                     |------sign challenge----->|
|                     |<-----session token-------|
|<---SSE: approved + token-----------------------|
built with TypeScript and Hono. uses server-sent events (SSE) to push real-time status updates to web clients. session data is stored in PostgreSQL with automatic cleanup of expired sessions.
POST /auth/session/create - create authentication session
GET /auth/session/:id/events - SSE stream for status updates
POST /auth/session/:id/scan - mark session as scanned
POST /auth/session/:id/approve - approve with signature
GET /auth/session/verify - verify session token
tana-identity integrates with tana-mobile for the signing workflow and with web applications through the session token. applications verify tokens by calling the identity service before trusting authenticated requests.
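the approve step described above, as an added sketch that is not tana-identity's own code: the service checks an Ed25519 signature over the challenge and refuses expired, already-used, or mismatched sessions. the Session shape, the `id:challenge` signing input, the TTL, the token format and all function names are assumptions, and looking up the user's registered public key is left out.

```typescript
import { generateKeyPairSync, randomBytes, sign, verify, KeyObject } from "node:crypto";

// Hypothetical session record; the real PostgreSQL schema is not shown on the page.
interface Session { id: string; challenge: string; expiresAt: number; status: "pending" | "approved" }
type Result = { ok: boolean; reason: string; token: string | null };

function createSession(now: number, ttlMs: number = 120_000): Session {
  return {
    id: randomBytes(16).toString("hex"),
    challenge: randomBytes(32).toString("hex"), // unpredictable, unique per session
    expiresAt: now + ttlMs,
    status: "pending",
  };
}

// Assumed signing input: session ID and challenge together, so a signature
// made for one session does not verify against another.
function signingInput(s: Session): Buffer {
  return Buffer.from(`${s.id}:${s.challenge}`, "utf8");
}

// Mobile side: the only place the private key is used.
function signChallenge(s: Session, privateKey: KeyObject): Buffer {
  return sign(null, signingInput(s), privateKey); // Ed25519 takes no digest name
}

// Service side: state and expiry are checked before the signature, and the
// session flips to "approved" so a captured signature cannot be replayed.
function approve(s: Session, sig: Buffer, publicKey: KeyObject, now: number): Result {
  if (s.status !== "pending") return { ok: false, reason: "already-used", token: null };
  if (now > s.expiresAt) return { ok: false, reason: "expired", token: null };
  if (!verify(null, signingInput(s), publicKey, sig)) {
    return { ok: false, reason: "bad-signature", token: null };
  }
  s.status = "approved";
  return { ok: true, reason: "approved", token: randomBytes(32).toString("hex") };
}

// Constructed run: a valid approval, a replay of it, and the same signature
// presented against a different session.
function demo(now: number = Date.now()): string[] {
  const user = generateKeyPairSync("ed25519");
  const a = createSession(now);
  const b = createSession(now);
  const sigA = signChallenge(a, user.privateKey);
  return [approve(a, sigA, user.publicKey, now), approve(a, sigA, user.publicKey, now),
          approve(b, sigA, user.publicKey, now)].map((r) => r.reason);
}
```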