#gateway #identity #miraland #civic #public-key #networking

miraland-gateway

Miraland on-chain identity gateway derived from Solana on-chain identity gateway

3 releases (breaking)

0.3.0 Dec 18, 2023
0.2.0 May 23, 2023
0.1.0 May 24, 2023

#61 in #gateway


Used in 3 crates (2 directly)

MIT license

79KB
1K SLoC

Solana Gateway Integration Library

A Rust crate that can be used by a Solana program to restrict access to holders of a valid Gateway Token.

Gateway tokens are issued by gatekeepers. A cluster of gatekeepers with similar rules for issuing gateway tokens are defined as a Gatekeeper Network.

The on-chain program chooses a gatekeeper network to trust, by adding its public key to a program account.

This library then validates that gateway tokens are issued by gatekeepers in this network and are valid.

Usage

In Cargo.toml

solana-gateway = "<LATEST VERSION>"

In the instruction processor (typically processor.rs)

use miraland_gateway::Gateway;
use solana_program::{
    account_info::AccountInfo,
    program_pack::Pack,
    pubkey::Pubkey,
};

fn process() {
    // The owner of the gateway token
    let owner: AccountInfo;
    // The gateway token presented by the owner
    let gateway_token_account_info: AccountInfo;
    // The gatekeeper network key
    let gatekeeper: Pubkey;

    let gateway_verification_result:Result<(), GatewayError> =
        Gateway::verify_gateway_token_account_info(
            &gateway_token_account_info, &owner.key, &gatekeeper, None
        );
}

Advanced Usage

By default, the verify function will fail if the token has expired. This is an important security measure in some gatekeeper networks, particularly ones that require ongoing monitoring of the token's owner.

In gatekeeper networks where this is not relevant, it is recommended to issue tokens without expiry.

However, in some scenarios, an expired token may still be considered valid. Alternatively the integrator may wish to set a tolerance value.

To ignore expiry:

let gateway_verification_result:Result<(), GatewayError> =
        Gateway::verify_gateway_token_account_info(
            &gateway_token_account_info, &owner.key, &gatekeeper, {
                Some(VerificationOptions {
                    check_expiry: false,
                    ..Default::default()
                },
            }
        );

To set a tolerance:

let gateway_verification_result:Result<(), GatewayError> =
        Gateway::verify_gateway_token_account_info(
            &gateway_token_account_info, &owner.key, &gatekeeper, {
                Some(VerificationOptions {
                    check_expiry: true,
                    expiry_tolerance_seconds: Some(120),    // allow 2 minutes tolerance for token expiry
                },
            }
        );

Dependencies

~19–29MB
~485K SLoC