
Session salt configuration

Sergey Shpak edited this page Mar 21, 2018 · 1 revision

After a session is established, every request is signed by the identity. To prevent replay attacks, a nonce is included in every signature. By default a time delta nonce is used; the client can choose a unique nonce instead.

Time delta nonce

A time delta nonce is valid for signing during a period of time (30 minutes by default). It lets the client emit multiple requests in parallel. Note that in this mode a replay attack is possible while the nonce is valid, so the client should use a channel protected from eavesdropping whenever possible.

The client can explicitly choose to use the time delta nonce for the session like this:

let aliceSession = await sdk.login("alice", "aliceP@ssw0rd", { saltKind: types.SessionSaltKind.TIME })

Unique nonce

A unique nonce is valid for one request only, so a replay attack is not possible in this mode. Note that with a unique nonce the client cannot make multiple requests in parallel.

The client can choose to use the unique nonce for the session like this:

let aliceSession = await sdk.login("alice", "aliceP@ssw0rd", { saltKind: types.SessionSaltKind.RAND })