{"id":15501457,"url":"https://github.com/kineticcafe/app_identity","last_synced_at":"2025-04-22T22:30:12.311Z","repository":{"id":58898618,"uuid":"533813593","full_name":"KineticCafe/app_identity","owner":"KineticCafe","description":"Fast, lightweight, cryptographically secure app authentication","archived":false,"fork":false,"pushed_at":"2025-04-03T03:28:41.000Z","size":786,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-17T13:33:19.614Z","etag":null,"topics":["application-identity","application-identity-verification","elixir","ruby","specification","typescript"],"latest_commit_sha":null,"homepage":null,"language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KineticCafe.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog.md","contributing":"Contributing.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"Roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-09-07T14:56:17.000Z","updated_at":"2025-04-03T03:27:18.000Z","dependencies_parsed_at":"2023-01-31T07:15:43.420Z","dependency_job_id":"c4b95187-9f78-41b3-869c-24c77be7513f","html_url":"https://github.com/KineticCafe/app_identity","commit_stats":{"total_commits":127,"total_committers":5,"mean_commits":25.4,"dds":0.5039370078740157,"last_synced_commit":"d3decc8f114fbe30cfd7c9374422958f28fb2b25"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KineticCafe%2Fapp_identity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KineticCafe%2Fapp_identity/t
ags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KineticCafe%2Fapp_identity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KineticCafe%2Fapp_identity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KineticCafe","download_url":"https://codeload.github.com/KineticCafe/app_identity/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250333817,"owners_count":21413465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-identity","application-identity-verification","elixir","ruby","specification","typescript"],"created_at":"2024-10-02T09:04:25.450Z","updated_at":"2025-04-22T22:30:12.290Z","avatar_url":"https://github.com/KineticCafe.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# App Identity\n\nThis repository contains the specification for Kinetic Commerce's App Identity\nsolution as well as three reference implementations (Elixir, Ruby, and\nTypescript) adapted from our previous implementations.\n\nThe three implementations are developed and tested against each other.\n\n## Summary\n\n\u003e The specification can be found in [spec/](spec/README.md).\n\nApp Identity provides a fast, lightweight, cryptographically secure app\nauthentication mechanism as an improvement over just using API keys or app IDs.\nIt does this by computing a proof with an application identifier, a nonce, an\napplication secret key, and a hashing algorithm. 
The secret key is embedded in\nclient applications and stored securely on the server, so it is never passed\nover the wire.\n\nApp Identity is _not_:\n\n- An app authorization mechanism. By itself, it cannot verify that an app is\n  permitted to perform given actions. App authorization may be built _on top of_\n  App Identity through the use of multiple apps.\n\n- User authentication or authorization. The validation here is insufficiently\n  secure for user authentication, and would require undefined side channels to\n  communicate the shared secrets.\n\nApp Identity algorithm versions are strictly upgradeable. See\n[Algorithm Versions](spec/README.md#algorithm-versions) in the specification for\ndetails.\n\n### Indications and Contraindications\n\nApp Identity is _not_ a universal solution to app authorization.\n\nWe recommend the use of App Identity for mobile apps, server API clients, and\nAPI gateways. The supported App Identity configurations should be added to the\ncode bundles as late as possible to avoid secret leaks.\n\nWe strongly recommend _against_ the use of App Identity in compiled JavaScript\napplications delivered through the browser. There is no way to keep the app\nsecret secure in a browser environment, which is worse than having no security.\n\nIf you have browser applications that require App Identity support, we recommend\nusing an API gateway configuration of App Identity in order to enrich the\nrequest from the client. Securing such requests from the client to the gateway\nis _outside_ the scope of App Identity. 
At Kinetic, we have used CORS, CSP, user\nauthentication, and rate limiting to ensure that the gateway calls themselves\nare not abused.\n\n## Implementations\n\nThis repository contains three reference implementations:\n\n- [Elixir](elixir/README.md)\n- [Ruby](ruby/README.md)\n- [Typescript](ts/README.md) for Node\n\nThe versioning of each of the reference implementations mostly follows\n[Semantic Versioning][semver], but the versions are not linked to each other. Each\nimplementation identifies which\n[specification version](spec/README.md#version-and-versioning) it supports.\n\n### Other Implementations\n\nWe encourage implementations in other languages, and will link to them here. We\nare planning implementations in the following languages:\n\n- Swift\n- Kotlin\n- Go\n- Rust\n\nIf you have created an implementation, please submit a [pull request][pr] to\nupdate the list above.\n\n### Building New Implementations\n\nNon-reference implementations should be written to the provided\n[specification](spec/README.md) and tested against at least one other version\n(Ruby, Typescript, or Elixir) using the [integration](integration/README.md)\nsuite.\n\nIf you are looking for assistance in developing or testing your implementation,\nplease start a [discussion][discussion].\n\n## Contributing\n\nSee [Contributing.md](./Contributing.md).\n\n[pr]: https://github.com/KineticCafe/app_identity/pulls/\n[discussion]: https://github.com/KineticCafe/app_identity/discussions/\n[semver]: http://semver.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkineticcafe%2Fapp_identity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkineticcafe%2Fapp_identity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkineticcafe%2Fapp_identity/lists"}