Architecture

This is a high-level overview of the sequence of events that happen while using Liquid Auth. See the Getting Started section for more detailed information on each step. Diagrams are generated using Mermaid.

Authentication

A user can link their device to a website by scanning a QR code. The website will subscribe to a WebSocket channel to receive the link status. The wallet will scan the QR code and send a FIDO2 PublicKeyCredential to the server. The server will validate the FIDO2 credential and send a response to the wallet and website.

[Sequence diagram. Participants: Offer Client, Server, Answer Client. Labels: Subscribe to 'wss:link'; Display QR Connect Request ID; Scan QR Code; Get Challenge/Options; POST FIDO2 Credential + Liquid Auth Extension; Validate Signatures; HTTPOnly Session; Ok Response + HTTPOnly Session; Emit to `wss:link` client]

Signaling

The website and wallet can subscribe to an isolated WebSocket channel to broker Session Description answers and offers. ICE Candidates are discovered when any peer has both an offer and answer.

[Sequence diagram. Participants: Offer Client, Server, Answer Client. Labels: Subscribe to 'wss:offer-description'; Subscribe to 'wss:offer-candidate'; Subscribe to 'wss:answer-description'; Subscribe to 'wss:answer-candidate']

Offer

Offers are created by a peer and sent through the signaling service. A client with an offer will listen for an answer description. Answers are only emitted in response to an offer. Offer clients are responsible for creating the Data Channel.

[Sequence diagram. Participants: Offer Client, Server, Answer Client. Labels: On answer-description, set Remote SDP; On answer-candidate, add ICE Candidate; Create Peer Offer & DataChannel; Emit `wss:offer-description`; Emit `wss:offer-candidate`]

Answer

An Answer is created by a peer in response to an offer. The answer description and candidates are emitted to the signaling service.

[Sequence diagram. Participants: Offer Client, Server, Answer Client. Labels: On offer-description, set Remote SDP and create Answer; On offer-candidate, add ICE Candidate; Emit `wss:answer-description`; Emit `wss:answer-candidate`]
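
The relay rules described in the Signaling, Offer and Answer sections can be modelled in memory. This is an added example, not Liquid Auth's own code: the event names come from this page, while SignalingRelay, join(), makePeer() and the requestId room key are hypothetical, and it assumes a peer is only joined after its session has been authenticated.

```javascript
// Added example: in-memory model of an isolated signaling relay.
// Event names are from the page; SignalingRelay, join(), makePeer() and the
// requestId room key are hypothetical names used for illustration.
const OFFER_EVENTS = new Set(['offer-description', 'offer-candidate']);
const ANSWER_EVENTS = new Set(['answer-description', 'answer-candidate']);

class SignalingRelay {
  constructor() {
    this.rooms = new Map(); // requestId -> { peers: Set, offerSeen: boolean }
  }

  // Assumption: the server calls join() only for a socket that already holds
  // an authenticated session bound to this requestId.
  join(requestId, peer) {
    if (!this.rooms.has(requestId)) {
      this.rooms.set(requestId, { peers: new Set(), offerSeen: false });
    }
    this.rooms.get(requestId).peers.add(peer);
    peer.requestId = requestId; // server-side state, never taken from a message
  }

  // Relay one signaling event; returns how many peers received it.
  emit(sender, event, payload) {
    const room = this.rooms.get(sender.requestId);
    if (!room || !room.peers.has(sender)) throw new Error('not joined');
    if (OFFER_EVENTS.has(event)) {
      if (event === 'offer-description') room.offerSeen = true;
    } else if (ANSWER_EVENTS.has(event)) {
      // Answers are only emitted in response to an offer.
      if (!room.offerSeen) throw new Error('answer without offer');
    } else {
      throw new Error('unknown event: ' + event);
    }
    let delivered = 0;
    for (const peer of room.peers) {
      if (peer === sender) continue; // never echo back to the sender
      peer.inbox.push({ event, payload });
      delivered += 1;
    }
    return delivered;
  }
}

// Constructed peers: an inbox array stands in for each WebSocket client.
const makePeer = (name) => ({ name, inbox: [], requestId: null });
```

Because the room is looked up from state the server set at join time, a client cannot redirect its SDP or ICE candidates into another session by changing a field in the message.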

Data Channel

Once an Offer and Answer have been exchanged, a Data Channel will be emitted to the peer who created the answer. This channel is used to send messages between the website and wallet in real-time over the established P2P connection.

[Sequence diagram. Participants: Offer Client, Server, Answer Client. Labels: Emit DataChannel; On Message, Handle Message; On DataChannel, listen for Messages; Emit Messages; Emit Messages]