Authentication
The LearnCard Wallet SDK employs a decentralized authentication model rooted in Decentralized Identifiers (DIDs). As a developer, you initiate and control your digital identity through a securely generated Key Generation Seed.
Here's the core concept:
You generate a seed: This seed must have sufficient entropy (randomness).
SDK creates keypairs: The SDK uses this seed to deterministically create cryptographic keypairs (a public and private key). These keypairs are the foundation of your digital identity.
Authenticate using DIDs: These keypairs are represented as DIDs. The SDK uses these DIDs and their associated private keys to authenticate with various services like the LearnCloud Network API, Storage APIs, and AI services through a process called DID-Auth.
This means you prove your identity by signing challenges with your private key, never revealing the key itself.
Getting Started: Generating Your Identity Seed
Authentication begins with a Key Generation Seed. This is a crucial piece of data: a 64-character hexadecimal string, which represents 32 bytes of secure randomness.
Your Responsibility: You are responsible for generating this seed and ensuring its secure management. The security of your LearnCard identity hinges on the secrecy and integrity of this seed.
How to Generate a Secure Seed:
Use a cryptographically secure random number generator to create 32 bytes of data and then convert it to a 64-character hexadecimal string.
In a Browser Environment:
In a Node.js Environment:
Key Security: Critical Reminder
Your 64-character hexadecimal seed is the master key for your LearnCard identity.
Protect It Rigorously: Anyone who gains access to this seed can regenerate all your associated private keys. This would allow them to impersonate you, control your DIDs, and access or modify any data or credentials linked to your identity.
Irreversible Loss: If you lose this seed and have no other backup of the private keys themselves, you may permanently lose access to your LearnCard identity and any associated assets or credentials.
Handling: Treat this hex string with the same (or even greater) caution as you would a mnemonic seed phrase for a cryptocurrency wallet. Store it securely, preferably offline and in multiple locations if you are managing it directly.
Initializing LearnCard with Your Seed:
Once you have your 64-character hexadecimal seed, you use it to initialize the LearnCard SDK. This process generates the cryptographic keys tied to your identity.
Authentication Flow: How It Works
Seed to Keys: The 64-character hexadecimal
seed
you provide is the master input. The SDK uses it to deterministically derive one or more cryptographic keypairs. "Deterministic" means that if you use the same seed again, you will always get the exact same keypairs.Keys to DIDs: These keypairs are then used to generate Decentralized Identifiers (DIDs). Your primary, locally generated DID will typically be a
did:key
. A DID is a globally unique identifier that you control, representing your digital identity.DID-Auth: When your application needs to perform an action that requires authentication (e.g., accessing data, calling an API), the LearnCard SDK uses the private key associated with your DID. The API will issue an authentication challenge, which the SDK signs using your private key. This signature proves you control the DID without ever exposing the private key. This entire process is known as DID-Auth.
Authenticating with Specific APIs
1. LearnCloud Network API
The LearnCloud Network API enables you to create and manage rich, DID-based user profiles.
Initial Authentication & Profile Creation:
Authenticate with
did:key
: Your first interaction with the Network API, such as creating a profile, will be authenticated using thedid:key
that the LearnCard SDK generated from your seed. Thisdid:key
serves as your initial, self-controlled digital signature.Create a Profile: Once authenticated with your
did:key
, you can make a request to the Network API to create a user profile (e.g., a Regular Profile for an individual, or a Service Profile for an application).Receive
did:web
: Upon successful creation of your profile on the LearnCloud Network, the service will typically associate your profile with a new, more publicly discoverable DID: adid:web
. Thisdid:web
is tied to a domain name and represents your identity within the LearnCloud ecosystem.
Conceptual Example:
After profile creation, you can use your did:web
(and in some cases, still your did:key
) for ongoing interactions with the Network API.
2. Storage, AI, and Other APIs
Authentication with other APIs integrated into the LearnCard ecosystem (e.g., for decentralized storage, AI services) follows the same fundamental DID-Auth pattern:
Your LearnCard instance, holding keys derived from your seed, will use the appropriate DID (e.g.,
did:key
,did:web
) to sign authentication challenges presented by these services.This proves your control over the identity requesting the action.
Further Reading
For a more in-depth understanding of the concepts mentioned here, please refer to our Core Concept explainer documents:
Last updated
Was this helpful?