OAuth Flow

This flow enables secure authorization for clients (such as games) to access user data.

The flow has three modes: on-chain mode, off-chain mode, and data storage (DA) mode.

1. Authorization Grant Registration by CARV ID Owner:

  • The CARV ID Owner registers the Authorization Grant on-chain by encrypting it using their private key and the client's public key.

  • Authorization Grant Structure:

    1. Client entity (e.g., Infinite Gods: smart contract, namespace, identity, RSA public key)

    2. Access scope (e.g., /metamask/address, operation code, and price such as /carv/google/gmail carv, R/0.01USDT, /infinitegods/, CURD/0)

    3. Expiration date

    4. User CARV ID and signature (hash of i-iv signed by CARV ID Owner)

2. Verifier Network Sharing:

  • The verifier network shares the Authorization Grant with the home chain's contract (on-chain mode).

  • Users send the Authorization Grant to the client directly (off-chain mode).

  • Users encrypt the Authorization Grant and store it in data storage, then send the identifier to the client (DA mode).

3. Client Grant Fetching and Storage:

  • Clients fetch and decode the Authorization Grant, storing it internally for future use.

4. Data Fetching:

  • Based on the Authorization Grant, clients can send it to the TEE cluster and fetch the user's data through the API.

5. Verification Result On-Chain and Reward Distribution:

  • The TEE uploads the signed verification result (attestation) to CARV Layer 2.

  • The Verifier monitors the chain for the verification result and, if no issues arise, rewards are distributed to the user on the target chain.
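
As an added example (not CARV's own code), these are the checks a client or TEE could run on a decoded Authorization Grant before serving a data request in step 4: the signature over the client, scope, expiration and CARV ID fields first, then client identity, expiry and scope. The field names, the JSON encoding, the sample values and the HMAC stand-in for the CARV ID Owner's signature are assumptions made for illustration.

```python
import hashlib, hmac, json, time

SIGNED_FIELDS = ("client", "scope", "expires_at", "carv_id")  # hypothetical field names

def grant_digest(grant):
    """SHA-256 over the signed fields in canonical JSON (sorted keys, no spaces)."""
    signed = {k: grant[k] for k in SIGNED_FIELDS}
    blob = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def check_grant(grant, client_id, path, op, verify_sig, now=None):
    """Decide one request (path + single-letter operation) against a grant."""
    now = time.time() if now is None else now
    # Signature first: nothing else in the grant is trusted until it verifies.
    if not verify_sig(grant["carv_id"], grant_digest(grant), grant["signature"]):
        return False, "bad signature"
    if grant["client"]["identity"] != client_id:
        return False, "grant issued to a different client"
    if now >= grant["expires_at"]:
        return False, "grant expired"
    if len(op) != 1 or ".." in path:
        return False, "malformed request"
    for entry in grant["scope"]:
        root = entry["path"].rstrip("/")
        # Match on whole path segments so /infinitegods-x is not under /infinitegods/.
        if (path == root or path.startswith(root + "/")) and op in entry["ops"]:
            return True, "ok"
    return False, "outside granted scope"

# Constructed demo data. HMAC with a shared demo key stands in for the
# CARV ID Owner's signature only so the example runs with the standard library.
DEMO_KEYS = {"carv:demo-user": b"constructed-demo-key"}

def demo_sign(carv_id, digest):
    return hmac.new(DEMO_KEYS[carv_id], digest, hashlib.sha256).hexdigest()

def demo_verify(carv_id, digest, signature):
    key = DEMO_KEYS.get(carv_id)
    return key is not None and hmac.compare_digest(demo_sign(carv_id, digest), signature)

def make_demo_grant():
    grant = {"client": {"identity": "infinitegods", "namespace": "/infinitegods/"},
             "scope": [{"path": "/metamask/address", "ops": "R", "price": "0"},
                       {"path": "/infinitegods/", "ops": "CURD", "price": "0"}],
             "expires_at": 2_000_000_000,  # constructed Unix timestamp
             "carv_id": "carv:demo-user"}
    grant["signature"] = demo_sign(grant["carv_id"], grant_digest(grant))
    return grant
```

Because the digest covers every signed field, widening a scope entry or extending the expiry after signing makes the grant fail at the first check rather than at the scope comparison.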
