This package contains an implementation of a very simple MinAuth plugin. It functions as a proof-of-concept and an example of how to build a MinAuth plugin. It uses MINA's o1js library for its zero-knowledge proof part.
In essence the use of the plugin is equivalent to a standard hashed password approach, where server does not learn the password, but instead accepts its hash.
Additionally the server/verifier part of the plugin is configured with a set of roles/accounts/acl scopes tied to hashes and if given valid proof of knowledge of a preimage of one the hashes it confirms and informs the server about the valid assumption of the role.
The hash uses Poseidon.hash
hashing function widely used in o1js
.
/**
* The plugin configuration schema.
*/
export const rolesSchema = z.record(
/** Hash preimage of which is used to authorize operations */
z.string(),
/** An auxilliary name for the hash - for example
* a name of a role in the system */
z.string()
);
export const configurationSchema = z
.object({
roles: rolesSchema
})
.or(
z.object({
/** Alternatively, the "roles" can be loaded from a file */
loadRolesFrom: z.string()
})
);
The plugin configuration is either a direct mapping of roles or a path to a file storing the mapping.
The roles mapping can change over-time so previously accepted proofs can get outdated and invalid. MinAuth plugins support revocation of output. This plugin will revoke any output that considered a hash that is no longer resolves to the same role (or is no longer present in the mapping.)