hey so I’m trying to program my site with a personal login and it won’t work with the vivokey spark 2 tap to ios to use for personal sites as passkey is not working for some reason I don’t know what I’m doing wrong Vearch.weebly.com
1 Like
What’s happening? Code?
1 Like
Ahh the button links to;
This is a decommissioned API that used to work as an OpenID Connect API. I’m guessing you had an LLM try to build this for you? I’ve only ever seen this legacy platform come up in LLMs with old training data.
4 Likes
What you could do is use a spark actions to redirect yourself to your website by tapping your implant. Flip the “append JWT toggle” like this;
When you tap now your chip will redirect you through the spark actions server and validate the cmac signature your chip generated when you tapped it. That signature gets validated by our server, and if valid and authentic and unique (never been scanned before, not a reload or a replay), then you will be forwarded to your website with a VivoKey authenticity JWT (VivoKey.com/jwt). That is a signed (by VivoKey), timestamped json web token. You can validate the signature and look at the time stamp to confirm the JWT is “fresh”. If you use a JWT validator you can also get the public key to validate the signature and the validator will also check to make sure that JWT is not stale or expired. Our tokens are good for 30 seconds which is plenty of time to redirect you.
In short, your web server should be able to get the JWT from the query string when you are forwarded on and validate that and then figure out that you are legitimately “someone who tapped that specific spark 2”. It doesn’t necessarily guarantee it’s you because anyone might be able to sneak up and tap your chip, so I would put a simple PIN as an authentication factor after validating the jwt.
4 Likes
Still not working tryna use the code but this still no idk why