Documentation

Authenticate

Web
JSON

authenticate lets you prove that a user owns the identity that they have given you. Some Identities are RIDL enabled and are subject to being impersonated, you should always authenticate that a user truly owns the Identity instead of trusting them implicitly.

When an Identity is authenticated the domain ( or origin in the case of a desktop application ) is signed with the private key attached to the Identity and then returned to the application. You can use the public key attached to the Identity to validate the signature.

To authenticate you must have already requested and been given an identity.

scatter.authenticate(12_CHAR_RANDOM_STRING).then(signedOrigin => {
    //...
}).catch(failedAuthentication => {
    // ...
})
{
    id:'random-uid',
    type:'authenticate',
    plugin:'Your App Name',
    payload:{
        nonce:'somerandom12'
        origin:'domain' || 'YOUR_APP',
        publicKey:'THE_IDENTITY_PUBLIC_KEY'
    }
}