What are Identities?

In Scatter, Identities are containers for personal data, and they also serve as authentication and permission mechanisms.

An application can't access anything in a user's Scatter without first requesting an Identity and having the user approve the request. This keeps a user's private information, such as their blockchain accounts and personal data, from leaking to websites that aren't integrated with Scatter, as well as to sites that the user has yet to interact with and approve.

On top of that privacy protection, Identities also let applications get information about their users without requiring the user to fill out the same forms over and over again across multiple websites.

Take the getIdentity() request below as an example.

scatter.getIdentity({
    personal:['firstname', 'lastname'],
}).then(identity => {

    // This would give back an object with the required fields such as `firstname` and `lastname`
    // as well as add a permission for your domain or origin to the user's Scatter to allow deeper
    // requests such as requesting blockchain signatures, or authentication of identities.

}).catch(error => {
    // The user did not approve the request, or it failed.
});

Once logged in, the permission persists.

After a user has approved giving you permission to access their Identity, you no longer have to call getIdentity() if the user refreshes the page.

Instead, you can check whether an Identity exists on the scatter object itself. This also means that you don't have to save the Identity within your shared services alongside your Scatter reference; you can simply save your Scatter reference and pull the Identity from within it.

if(scatter.identity){ /*...*/ }

Identities as an Authentication System

Identities have their own set of keypairs and can be used to authenticate users by having them sign your domain or origin using the Identity's private key. You can then double-check that the result was signed by the public key you have on file and issue them a token to talk to your backend without having to ask them to enter a password.

This is not only blockchain agnostic; it also works with centralized applications, since it relies only on asymmetric cryptography (keypairs).

// Once a user has given you an Identity you can simply do

// `nonce` is a 12-character random string that you generate
scatter.authenticate(nonce).then(result => {

    // Authentication passed, you can also
    // double validate that the public key on their
    // identity has signed the returned `result` which will be
    // your domain

}).catch(error => {
    // Authentication Failed!
});
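
The backend half of the flow described above, as an added example (not Scatter's own code): the server verifies that the returned signature covers its own origin under the public key on file, then issues a session token. Node's P-256 ECDSA stands in for Scatter's key and signature format, and `EXPECTED_ORIGIN`, `makeIdentityKeypair`, `walletSign`, `login` and the in-memory `sessions` map are hypothetical names.

```javascript
const nodeCrypto = require('crypto');

// Assumption: the origin this backend serves. The page says the Identity
// signs "your domain or origin", so the server checks against its own value.
const EXPECTED_ORIGIN = 'https://app.example';

// Constructed stand-in for an Identity keypair. Scatter uses its own key and
// signature encoding; Node's P-256 ECDSA is swapped in so this runs offline.
function makeIdentityKeypair() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// Stand-in for the wallet side: a hex signature over the origin string.
function walletSign(privateKey, origin) {
  return nodeCrypto.sign('sha256', Buffer.from(origin, 'utf8'), privateKey).toString('hex');
}

const sessions = new Map(); // token -> user id (in memory for the example)

// Backend check: use the key on file and the server's own origin, never a
// public key or origin supplied alongside the login request.
function login(userId, signatureHex, keysOnFile) {
  const publicKey = keysOnFile.get(userId);
  if (!publicKey || typeof signatureHex !== 'string' || !/^[0-9a-f]+$/i.test(signatureHex)) {
    return null;
  }
  let ok = false;
  try {
    ok = nodeCrypto.verify('sha256', Buffer.from(EXPECTED_ORIGIN, 'utf8'),
                           publicKey, Buffer.from(signatureHex, 'hex'));
  } catch (err) {
    ok = false; // malformed signature encodings count as a failed login
  }
  if (!ok) return null;
  const token = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(token, userId);
  return token;
}
```

A signature made for a different origin, or by a key other than the one on file for that user, yields `null` instead of a token.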

At some point, people will want to log off.

When a user wants to log off of your website, or just log in with another Identity/username, you can simply use the forgetIdentity() method, which removes the permission that links their Identity to your domain.

If a user has other permissions such as whitelisted contract actions, they will be left in place and will still work the next time the user logs in with the Identity linked to them.