PPPs: Week 4 GetIn 🚀
Plans 📆
We are getting close to having our MVP ready! We aim to launch the first version of our service this week and start to get user feedback of the real thing.
We will work on three fronts:
-
Mobile app
-
Website
-
UX
Mobile App: What remains on the mobile app is to add some basic error handling and test functionalities/layout on different devices. Then of course launch it to the app stores! We will hopefully get it out to Google Play this week 🔥
Website: We need a website for sharing information about or project, but also for experimenting with the other side of our platform - our LNURL auth SDK. We will create an MVP for sharing user info when signing in to a website for the first time.
UX: Continue to iterate on the user experience. We already got some great feedback from user testing on our Figma prototype, which we will continue with. When we got the app on app stores we can reach out to early adopters and get even more feedback.
Progress ✅
This week we solved how to do authentication with lnurl in the mobile app.
Our authflow is split up into two parts:
-
Wallet/master key generation
We use bitcoindevkit to generate a mnemonic phrase and save that onto
an instance of react-native-keychain for secure storage of master key. -
lnurl auth
For authentication with lnurl we follow the official lnurl-auth specification. The lnurl-auth spec assumes we have a bitcoin masterkey. From this we do the following steps-
Derive the private hashing key from the masterkey using the
m/138'/0
path using scure-bip32. -
Get the derivation material by taking the HMAC256(SHA256) hash of the private hashing key using fast-sha256.
-
Retrieve the path suffix for our private key.
-
Get the full path of our private linking key by appending the path suffix to the original
m/138'/0
path. Due to the package we were using here we needed to do a nifty bit-masking trick to ensure that we never indexed beyond(2^31 - 1)
:
const path = m/138'/${Array.from(pathSuffix) .map(n => (n & (2 ** 31) ? ${n & (2 ** 31 - 1)}' : ${n})) .join('/')};
-
Derive private and public linkingkey from the masterkey using the full path we calculated above.
-
Retrieve k1 challenge bytes from the url in hex format.
-
Sign the k1 challenge with our private linking key using the secp algorithm implementation from the following package noble-secp256k1. We had some issues using this on React Native, but we solved this by adding the following configuration to the
metro.config.js
fileresolver: { extraNodeModules: require('node-libs-react-native')}
-
Create GET request with the signed k1 hex and our public linking key to complete auth.
-
Problems ✋
We finally solved lnurl-auth on mobile. Full speed ahead from here! 🚀
Links 🔗
Link to Github: https://github.com/GetIn-id/GetIn
Link to Miro: https://miro.com/app/board/uXjVPPOLX-w=/