OAuth Flow
This flow enables secure authorization for clients (such as games) to access user data.
Three Modes: On-chain mode, off-chain mode, data storage (DA) mode.
1. Authorization Grant Registration by CARV ID Owner:
The CARV ID Owner registers the Authorization Grant on-chain by encrypting it using their private key and the client's public key.
Authorization Grant Structure:
Client entity (e.g., Infinite Gods: smart contract, namespace, identity, RSA public key)
Access scope (e.g., /metamask/address, operation code, and price such as /carv/google/gmail carv, R/0.01USDT, /infinitegods/, CURD/0)
Expiration date
User CARV ID and signature (hash of i-iv signed by CARV ID Owner)
2. Verifier Network Sharing:
The verifier network shares the Authorization Grant with the home chain's contract (on-chain mode).
Users send the Authorization Grant to the client directly (off-chain mode).
Users encrypt the Authorization Grant and store it in data storage, then send the identifier to the client (DA mode).
3. Client Grant Fetching and Storage:
Clients fetch and decode the Authorization Grant, storing it internally for future use.
4. Data Fetching:
Based on the Authorization Grant, clients can send it to the TEE cluster and fetch the user's data through the API.
5. Verification Result On-Chain and Reward Distribution:
The TEE uploads the signed verification result (attestation) to CARV Layer 2.
The Verifier monitors the chain for the verification result and, if no issues arise, rewards are distributed to the user on the target chain.
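The following is an added example, not CARV's own code: a check a client could run on a decoded Authorization Grant (steps 3 and 4) before using it for a data request. The field names, the (path, OPS/PRICE) pair encoding, the Unix-time expiry, the canonical-JSON hash and the whole-segment path matching are all assumptions, since the page does not specify a wire format or signature scheme.

```python
import hashlib
import json
from decimal import Decimal

OPS = set("CURD")  # operation letters as they appear on the page ("R", "CURD")

def parse_scope(path, op_price):
    """Split an assumed ('/path', 'OPS/PRICE') pair, e.g. ('/infinitegods/', 'CURD/0')."""
    ops, sep, price = op_price.partition("/")
    amount = price.rstrip("ABCDEFGHIJKLMNOPQRSTUVWXYZ")  # "0.01USDT" -> "0.01"
    if not (path.startswith("/") and sep and ops and set(ops) <= OPS and amount):
        raise ValueError(f"malformed scope entry: {path!r} {op_price!r}")
    return {"path": path, "ops": set(ops), "price": Decimal(amount),
            "currency": price[len(amount):]}

def grant_digest(grant):
    """SHA-256 over client, scope, expiry and CARV ID (assumed canonical JSON encoding)."""
    covered = {k: grant[k] for k in ("client", "scope", "expires", "carv_id")}
    blob = json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def path_in_scope(requested, granted):
    """Match whole path segments so '/carv/google/gmail' does not cover '/carv/google/gmailbox'."""
    base = granted.rstrip("/")
    return requested.rstrip("/") == base or requested.startswith(base + "/")

def check_request(grant, client_id, path, op, now):
    """Return (allowed, reason). Run only after the owner's signature over grant_digest() verified."""
    if grant["client"]["identity"] != client_id:
        return False, "grant issued to a different client"
    if now >= grant["expires"]:
        return False, "grant expired"
    for entry in grant["scope"]:
        scope = parse_scope(*entry)
        if path_in_scope(path, scope["path"]) and op in scope["ops"]:
            return True, f"{op} on {scope['path']} at {scope['price']}{scope['currency']}"
    return False, "no scope entry covers this path and operation"

# Constructed sample grant; field names and values are illustrative assumptions.
GRANT = {
    "client": {"identity": "infinitegods", "namespace": "/infinitegods/"},
    "scope": [["/carv/google/gmail", "R/0.01USDT"], ["/infinitegods/", "CURD/0"]],
    "expires": 1767225600,
    "carv_id": "carv-id-placeholder",
}
```

Signature verification itself is left out because the page does not name the scheme; any change to a covered field changes `grant_digest()`, so a signature checked against it would no longer verify.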