Logging Users Into The Heat Platform

Documentation on how to log users into the Heat Platform

Users can be logged into the Heat Platform through a custom authentication flow that proves ownership of a wallet address

Current Supported Chains

Login Flow

Note: This login flow assumes you can interface with a wallet to sign messages

There are two methods for logging a user into the Heat Platform. First is to use a version of the Amazon Amplify library to login. The second is to send a few manual requests in lieu of using the Amazon provided libraries

Manual Steps

Note: Responses will be returned in base64 encoding

  1. Request a challenge message to sign

Make a request to `https://cognito-idp.us-west-1.amazonaws.com/` with a JSON body matching below.

Username is in the format {chainID}-{walletAddress} with chainID being the id of the chain you wish to login with and walletAddress being the 0x prefixed wallet address

{
    "AuthFlow":"CUSTOM_AUTH",
    "ClientId":"75k724tms8ge8aqg5sdmhm7s1n",
    "AuthParameters":{
        "USERNAME":"{chainID}-{walletAddress}"
    },
    "ClientMetadata":{}
}

2. Sign the message that is returned from the challenge response

A response will be returned with a message to sign in the challenge parameters

Example:

{
    "ChallengeName": "...",
    "ChallengeParameters": {
        "USERNAME": "{chainID}-{walletAddress}",
        "message": "I am signing my one-time nonce: ####",
    },
    "Session": "...", <- Will need this for challenge response!
}

3. Send signed message as challenge response

Example:

{
    "ChallengeName": "...",
    "ClientId":"75k724tms8ge8aqg5sdmhm7s1n",
    "ChallengeResponses": {
        "USERNAME": "{chainID}-{walletAddress}",
        "ANSWER": "0x...",
    },
    "Session": "...", <- Same as returned above
}

4. Access tokens are returned

Once you receive these Oauth 2.0 tokens they can be securely stored, and can be used to access the Heat Platform as an authenticated user

{
    "AuthenticationResult": {
        "AccessToken": ...,
        "ExpiresIn": ...,
        "idToken": ...,
        "RefreshToken": ...,
        "TokenType": "Bearer",
}

Last updated