Introduction
Before we begin, we would like to highlight the following components that are required for integrating only HexaEight Authentication, without using HexaEight Sessions (which also provides Tokenless Authentication with Application Layer Encryption).
- HexaEight Token Server (With License)
- Customer Application Server
- User With HexaEight Authenticator Mobile App
HexaEight provides unlimited Authentication for any number of users using the HexaEight Token Server License.
Components
We showcase how HexaEight authentication can be integrated with your Application for most use cases. Our system uses a unique approach of authenticating the user by means of a one-time access code.
| Component | Description |
|---|---|
| User (U) | The end-user interacting with your Application |
| Customer Server (CS) | Handles session code generation, JWT/cookie creation (if required) and access code verification |
| HexaEight Token Server (HS) | Manages user authentication, access code generation using session codes, and saving the access code prefix, suffix and access code hash for verification by the Customer Server |
| Local Storage Or FileShare Or S3 (S) | Used for storing session codes and access codes |
Authentication Flow
- Session Initialization:
  - The Customer Server (CS) generates a session code and stores it in Storage (S) together with the email hash of the user.
  - The Application displays the session code to the User (U).
- User Generates One-Time-Access-Code:
  - The User, authenticated in the HexaEight Mobile App, contacts the HexaEight Authorization Server (HS) and enters the session code to obtain an access code in the mobile application.
  - The HexaEight Authorization Server (HS) saves the one-time-access-code prefix and suffix, along with the complete hash value of prefix+one-time-access-code+suffix, in Storage (S) for that session code.
- User Authentication:
  - The User (U) enters the one-time-access-code in the Application (Step a).
  - The Customer Server (CS) retrieves the prefix, suffix and complete hash stored for the session code from Local Storage (Step b).
  - The Customer Server (CS) takes the access code entered by the user in the Application and computes the complete hash of the one-time-access-code as Hash(prefix+one-time-access-code+suffix) (Step c).
  - The Customer Server (CS) compares the hash computed in Step c with the complete hash value retrieved for the session code in Step b.
  - If the stored complete hash matches the computed hash, the user authentication is successful.
  - If the stored complete hash does not match the computed hash, the authentication is unsuccessful.
- Post Authentication (Optional):
  - The Customer Server (CS) can generate a JWT using its secret key, enforce HTTPS secure cookies, or implement any other post-authentication logic upon successful user authentication.
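The flow above, condensed into a runnable sketch of the Customer Server side. This is an added example, not HexaEight's code: Storage (S) is an in-memory dictionary, the HexaEight Server's role is simulated locally, SHA-256 is assumed as the hash (the page does not name one), and every verification attempt consumes the session so that the access code really is one-time (an assumption about the intended policy).

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Storage (S): in-memory stand-in for local storage / file share / S3,
# keyed by session code. Field names and SHA-256 are assumptions.
STORE: Dict[str, dict] = {}


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def cs_init_session(email: str) -> str:
    """Customer Server (CS): create a session code and store it with the user's email hash."""
    session_code = secrets.token_hex(4)  # displayed to the user by the Application
    STORE[session_code] = {"email_hash": sha256_hex(email.strip().lower())}
    return session_code


def hs_issue_access_code(session_code: str) -> str:
    """Simulated HexaEight Server (HS): issue a one-time access code for the session.
    Only prefix, suffix and Hash(prefix+code+suffix) are persisted, never the code."""
    rec = STORE[session_code]
    code = secrets.token_hex(4)  # delivered to the mobile app
    prefix, suffix = secrets.token_hex(8), secrets.token_hex(8)
    rec.update(prefix=prefix, suffix=suffix, full_hash=sha256_hex(prefix + code + suffix))
    return code


def cs_verify_access_code(session_code: str, entered_code: str) -> bool:
    """CS: recompute Hash(prefix+entered+suffix) and compare with the stored hash (Steps b-c).
    Unknown sessions and sessions without an issued code fail; any attempt on an issued
    session consumes it, so the stored hash cannot be guessed against repeatedly."""
    rec = STORE.get(session_code)
    if rec is None or "full_hash" not in rec:
        return False
    STORE.pop(session_code)  # single use, regardless of outcome
    computed = sha256_hex(rec["prefix"] + entered_code + rec["suffix"])
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(computed, rec["full_hash"])
```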
Benefits of using HexaEight Authentication:
- Complete control of the authentication process
- Can be implemented in scenarios where the client does not have access to a browser
- Highly secure, since the HexaEight Authorization Server and the Customer Server are coupled and controlled by the Customer (you)
- User registration, sign-ups, sending email verification links and storing user passwords can all be avoided, saving huge costs
- No database requirement in the HexaEight Authorization Server, since the HexaEight Platform directly manages users
- User passwords and resets in the HexaEight Mobile Application are handled directly by HexaEight
- The HexaEight Authorization Server (HS) can run even over HTTP, since it uses HexaEight's patent-pending encryption process to securely deliver the one-time access code to the mobile application
- The HexaEight Authorization Server (HS) can authenticate users belonging to any domain, including external domains like Gmail, Facebook and others, without using Social Logins
Summary
This custom authentication system provides a secure, integrated approach to user authentication and session management, since it uses a unique approach involving a one-time access code for user authentication.