Bitcoin native authentication in its current state is quite problematic. Tierion, a blockchain technology company, today announced the release of a suite of tools to help enable Bitcoin native authentication using LSATS – Lightning Service authentication tokens.
The project took several months to develop. During this time, Tierion and Lightning Labs engineers were developing Lightning Service (LSAT) authentication tokens. The aim of the project is to allow users to authenticate without having a user account or storing any data.
LSAT combines Lightning’s Bitcoin micropayments with standards such as HTTP 402 Payment Required and authorization headers.
“Bitcoin has introduced the idea of native payments to the Internet. Lightning’s innovative applications show that technology is also valued beyond financial transactions. LSAT is a step towards a world where we don’t have to trust third parties by sharing our private information and users get more secure and private authentication. We hope that Boltwall and Isat-js will make it easier for developers to develop applications based on a better authentication infrastructure.
Current weaknesses in the implementation of authentication
Authentication and authorization are practically required by all web and mobile applications. Authentication determines who is the addressee of the request, and authorization determines what rights the end user has.
Currently, on the level of implementation of authentication by modern applications, two defects have been diagnosed. First, they store confidential information using third parties. This information is often stolen or leaking, which is a risk. Second, actual user identities are often linked to authentication.
To illustrate the whole process, we will explain it using a specific example. Linking your real identity to an external authentication service like Google or Facebook reveals information about what services you use and how often you do so. Of course, these are just some of the information that is disclosed.
In 2019, Tierion began working on solving these issues. The team developed Boltwall, the middleware for implementing “instant” payment servers.
A few months later, Olauluwa Osuntokun, Technical Director of Lightning Labs, announced a proposal of what he called “Lightning Service Authentication Tokens”, in short: LSAT. Both Tierion and Lightning Labs in their projects were striving for one thing: to use instant payments for authentication, which were not based on personal data or any private data.
Both companies decided to cooperate and join forces. The result is presented below.
A set of free LSAT tools
Boltwall allows you to use Bitcoin Lightning paywalls and authenticate with LSAT. Users can charge for access to their API without having a user account. They do not need an API key, credit card or any user data storage. All you need is one line of code on an Expressjs server (or a similar Nodejs framework such as Restify) from a path to be protected by a firewall. LSAT will be released at any client request trying to access this path.
now-boltwall is a tool that helps to easily deploy an active Boltwall server that connects to a working instance. It provides tools to make it easy to download and set up connection credentials, configure Boltwall and connect quickly to BTCPayServer. Servers are deployed using Zeit’s Now, a serverless structure.
Using now-boltwall, you can deploy a secure TLS server that allows you to earn money on your node for free.
lsat-js is a tool library written in TypeScript and compatible with most modern browsers. It provides tools to build, analyze and verify LSAT on the server or client side.
So nothing but a ready-made, working test environment. Fully functional, integrated with all tools available in Isat-js.
LSAT Playground contains code fragments and gives space to interact with LSAT without having to write even a single line of code.
All tools are available in the official Tierion account on GitHub.