Registration
For access control via hooks, the device must be registered with auth-svc. Only an authenticated user should be allowed to register their device.
User Registration
For access control via the hooks, a user must register their device. This user comes from your application's existing user identity system. The example auth-svc implementation provides Firebase authentication for reference.
Best Practice: Challenge-Response for Device Registration
Device registration should follow a challenge-response protocol so that the device proves possession of its private key. The example auth-svc implementation follows this best practice.
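The challenge-response exchange described above, sketched in Go as an added example (not auth-svc's own code). The `Registrar` type, the function names, the domain-separation string and the choice of ECDSA P-256 are assumptions, and the software key stands in for one generated and held inside a TEE.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Registrar map[string][]byte // hypothetical server store: one outstanding nonce per authenticated user

// Challenge issues a fresh random nonce for an already-authenticated user.
func (r Registrar) Challenge(userID string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: refuse to issue a predictable challenge
	}
	r[userID] = nonce
	return nonce
}

// digest binds the signature to this purpose, this user and this nonce.
func digest(userID string, nonce []byte) []byte {
	h := sha256.Sum256(append([]byte("device-registration\x00"+userID+"\x00"), nonce...))
	return h[:]
}

// Register accepts pub only if sig proves possession of the matching private key.
func (r Registrar) Register(userID string, pub *ecdsa.PublicKey, sig []byte) error {
	nonce, ok := r[userID]
	delete(r, userID) // single use: consumed even when verification fails
	if !ok || !ecdsa.VerifyASN1(pub, digest(userID, nonce), sig) {
		return fmt.Errorf("no outstanding challenge, or signature does not verify")
	}
	return nil // a real service would now store pub as this user's device key
}

// Device side. On real hardware both operations run inside the TEE and the key never leaves it.
func NewDeviceKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func DeviceSign(k *ecdsa.PrivateKey, userID string, nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, k, digest(userID, nonce))
}

func main() {
	dev, _ := NewDeviceKey() // constructed sample key
	r := Registrar{}
	sig, _ := DeviceSign(dev, "alice", r.Challenge("alice"))
	fmt.Println("first:", r.Register("alice", &dev.PublicKey, sig), "replay:", r.Register("alice", &dev.PublicKey, sig))
}
```

The first registration succeeds and the replay is rejected, because the nonce is deleted on first use.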
Security Best Practice
- Generate the device private key in a Trusted Execution Environment (TEE) (iOS Secure Enclave, etc.).
- Perform all signatures inside the TEE.