Authentication is the process of verifying the identity of a user.
unconscious provides a simple way to authenticate users without adding much complexity to the system.
unconscious only keeps track of pairs of usernames and public keys.
When a user joins a chat room, they must provide a username and a public key. They must also sign a message with their private key to prove that they own the public key.
If a valid signature is provided and the username is not already taken, the user is authenticated and the server returns a JWT that the user can present on subsequent requests to confirm their identity.
This system is simple and secure, and it allows for a lot of flexibility.
This ensures that usernames on a chat room are unique, and that other users can trust that the user is who they say they are.
It would be computationally infeasible for a malicious user to impersonate another user, as they would need to know the private key of the user they are trying to impersonate.
This avoids the need for unconscious to store passwords or rely on a third party for authentication.
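
The join flow described above, as an added example that is not unconscious's own code. Ed25519 signatures, the `join:<username>` message format, the HS256 token and all function names are assumptions, since the page does not name them.

```javascript
// Added example, not unconscious's code. Ed25519, the signed message format and
// the HS256 token are assumptions; the page does not name its algorithms.
const crypto = require("node:crypto");

const SERVER_SECRET = crypto.randomBytes(32); // constructed JWT signing key
const room = new Map();                       // username -> public key (PEM)
const b64u = (v) => Buffer.from(v).toString("base64url");

function issueJwt(claims) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = `${header}.${b64u(JSON.stringify(claims))}`;
  const mac = crypto.createHmac("sha256", SERVER_SECRET).update(body).digest("base64url");
  return `${body}.${mac}`;
}

// Returns the claims if the token's MAC is valid, otherwise null.
function verifyJwt(token) {
  const [h, p, mac] = token.split(".");
  const want = crypto.createHmac("sha256", SERVER_SECRET).update(`${h}.${p}`).digest();
  const got = Buffer.from(mac || "", "base64url");
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  return JSON.parse(Buffer.from(p, "base64url").toString());
}

// Server side of a join: check the signature first, then username uniqueness.
// The server rebuilds the expected message, so a signature is bound to one username.
function join(username, publicKeyPem, signature) {
  let ok = false;
  try {
    ok = crypto.verify(null, Buffer.from(`join:${username}`), publicKeyPem, signature);
  } catch { ok = false; } // malformed key or signature
  if (!ok) return { error: "invalid signature" };
  if (room.has(username)) return { error: "username taken" };
  room.set(username, publicKeyPem);
  return { token: issueJwt({ sub: username, iat: Math.floor(Date.now() / 1000) }) };
}

// Client side: generate a key pair; only the public half is ever sent.
function makeClient() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
  return { publicKeyPem, sign: (msg) => crypto.sign(null, Buffer.from(msg), privateKey) };
}

const alice = makeClient(); // constructed demo user
console.log(join("alice", alice.publicKeyPem, alice.sign("join:alice")));
```
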
Since authentication is based on signed attestations, there is no implicit limitation on non-authenticated users.
This means that users/machines can still join a chat room and participate in the conversation without being authenticated. However, others will not be able to trust their identity (this is desirable in some cases).