The concept of passwordless authentication has already been tested on control.viz.world, where a string containing critical data for verification is signed on the client side and the server already verifies the signature against the public key.
In the past I’ve already described the general mechanism of operation, today’s news is different. After the first version of viz-php-lib has been developed, step by step we need a simple support for the already established mechanisms. This is exactly the mechanism which has been added to the library to support authentication and verification.
It is enough to execute the auth method with a private key, specify the verifying domain and account on behalf of which the login will be performed, and the developer will receive the string and signature mapping, which should be passed to the verifying script on the server side.
The server just has to pass received data to the new VIZ\Auth class and immediately get the result of verification. The storage of the session already depends on the specific implementation, but this will allow future integration of passwordless login into various CMS and add support, for example in Vizonator.
VIZ paves the way where many people can’t even see the way 😉
PHP developers, join in!
Наградить автора поста
