Client Setup - Part 3

User login & signup screens

Storing data in the cloud requires a logged-in user. So the next step is the user login & signup flow.

The ZeroDark.cloud framework supports 2 forms of authentication:

  • a pre-built authentication system managed by ZeroDark.cloud
  • bring your own authentication

When you're new to the framework, we recommend starting with our pre-built authentication system. This allows you to get up and running quickly. Custom authentication is an advanced topic that should be tackled after you've become familiar with ZDC, and you've determined it's the right solution for your app.

Pre-Built Authentication

You can display the pre-built authentication flow with just a few lines of code.

func showAuth() {

    let setupVC = zdc.uiTools.accountSetupViewController(
                               withInitialViewController: nil,
                             canDismissWithoutNewAccount: true)
    { (localUserID: String?, completedActivation: Bool, shouldBackupAccessKey: Bool) in

        // do something with new localUserID
    }

    // display the setupVC
}

The closure is invoked when the user has either completed or cancelled the authentication flow.

Understanding the pre-built authentication

As mentioned above, the framework supports:

  • a pre-built authentication system managed by ZeroDark.cloud
  • bring your own authentication

To understand the pre-built authentication system, consider the 3 parties involved:

  • one of your app's users - let's call her Alice
  • you, the business / app-developer - let's call you Biz
  • and ZeroDark.cloud

In order to provide a zero-knowledge cloud to you (Biz) and your users (such as Alice), there is only one rule:

  • ZeroDark.cloud cannot ever read the user's data (i.e. Alice's data)

Now Alice can obviously read Alice's data. And you can code the app such that you (Biz) can read some of Alice's data. (Or all of it. Or none of it. Depends on the goals of your app.) But ZeroDark.cloud is never allowed to have read-access.

In order to guarantee this security, Alice has a private key associated with her account. And ZeroDark.cloud does NOT know this private key - thus the ZDC server(s) are not capable of decrypting Alice's data.

The pre-built authentication system automatically generates this private key for Alice when she creates her account. (It generates this on her device, within the open-source framework.) And the pre-built authentication system requires Alice to back up her private key.

There are pros & cons of this system:

  • Pro: Alice gets better privacy
  • Con: Alice must responsibly perform the backup. And she risks losing access to her cloud data if she fails to do so, and then loses ALL the devices on which she's logged in.

There's an alternative option here. Instead of requiring Alice to back up her private key, you (Biz) can be responsible for storing her private key. Such a system still fulfills the primary requirement: ZeroDark.cloud cannot know the user's private key. If such a system is preferred by your app, then you'll want to pursue custom authentication at a later date.
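
To make the "one rule" above concrete, here is an added sketch (not code from the ZeroDark.cloud framework, and not its actual key format or cipher suite) of how a record can be encrypted so that Alice and, optionally, Biz can read it while the storage server cannot. It assumes Apple's CryptoKit; StoredNode, Wrapped, kek, wrap and unwrap are hypothetical names, and the record is constructed sample data.

```swift
import CryptoKit
import Foundation
// Illustrative model only, NOT ZeroDark.cloud's actual wire format or cipher suite.
// KA, Wrapped, StoredNode, kek, wrap and unwrap are hypothetical names.
typealias KA = Curve25519.KeyAgreement
typealias Wrapped = (ephemeralPub: Data, box: Data)

/// Everything the server holds: ciphertext plus one wrapped file key per reader.
struct StoredNode {
    let ciphertext: Data
    let wrappedKeys: [String: Wrapped]
}

/// Derive a key-encryption key from an X25519 agreement via HKDF-SHA256.
func kek(_ priv: KA.PrivateKey, _ pub: KA.PublicKey) throws -> SymmetricKey {
    try priv.sharedSecretFromKeyAgreement(with: pub).hkdfDerivedSymmetricKey(
        using: SHA256.self, salt: Data(), sharedInfo: Data("file-key-wrap".utf8),
        outputByteCount: 32)
}

/// Encrypt the file key to one reader's public key (ephemeral-static ECDH).
func wrap(_ fileKey: SymmetricKey, for reader: KA.PublicKey) throws -> Wrapped {
    let eph = KA.PrivateKey()
    let raw = fileKey.withUnsafeBytes { Data($0) }
    let box = try ChaChaPoly.seal(raw, using: kek(eph, reader)).combined
    return (eph.publicKey.rawRepresentation, box)
}

/// Only the holder of the matching private key can recover the file key.
func unwrap(_ w: Wrapped, with priv: KA.PrivateKey) throws -> SymmetricKey {
    let eph = try KA.PublicKey(rawRepresentation: w.ephemeralPub)
    let box = try ChaChaPoly.SealedBox(combined: w.box)
    return try SymmetricKey(data: ChaChaPoly.open(box, using: kek(priv, eph)))
}

// Private keys are generated on the owners' devices and never uploaded.
let alice = KA.PrivateKey()
let biz = KA.PrivateKey()
let fileKey = SymmetricKey(size: .bits256)
let record = Data("constructed sample record".utf8)
let node = StoredNode(
    ciphertext: try ChaChaPoly.seal(record, using: fileKey).combined,
    wrappedKeys: ["alice": try wrap(fileKey, for: alice.publicKey),
                  "biz": try wrap(fileKey, for: biz.publicKey)])  // drop to exclude Biz

// Alice or Biz can decrypt; the server, holding only `node`, has no key that opens it.
let key = try unwrap(node.wrappedKeys["biz"]!, with: biz)
let plain = try ChaChaPoly.open(ChaChaPoly.SealedBox(combined: node.ciphertext), using: key)
precondition(plain == record)
```

Because the file key is wrapped separately for each reader, leaving out the "biz" entry for a given record is what makes that record unreadable to Biz, which is how "some, all, or none" of Alice's data can be shared per record.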