Session salt configuration
Once a session is established, every request is signed by the identity. To prevent replay attacks, a nonce is used for every signature. By default a time delta nonce is used; the client can choose to use a unique nonce instead.
A time delta nonce is valid for signing during a period of time (30 minutes by default). This lets the client emit multiple requests in parallel. Note that in this mode a replay attack is possible for as long as the nonce is valid, so the client should use a channel protected from eavesdropping whenever possible.
The client can explicitly choose the time delta nonce for the session like this:
```javascript
let aliceSession = await sdk.login("alice", "aliceP@ssw0rd", { saltKind: types.SessionSaltKind.TIME })
```
A unique nonce is valid for one request only, so in this mode a replay attack is not possible. Note that with a unique nonce the client cannot make multiple requests in parallel.
The client can choose the unique nonce for the session like this:
```javascript
let aliceSession = await sdk.login("alice", "aliceP@ssw0rd", { saltKind: types.SessionSaltKind.RAND })
```