This is the technical side of our MetaMask Free blog post, providing a deep dive into how authentication, attestations, and migration work without MetaMask.

Mobile Auth

The mobile app authenticates the web app by sending an encrypted cookie through the server.

This works by generating a one off PGP key on the client and sending the public key to the server to pair it with a generated UUID token, that token is sent back to the client and used to render the QR code. The mobile app then scans the QR code and sends back a cookie that the server encrypts with the public key and sends to the client. This is very secure due to only keeping the PGP private key in the client’s state.

Old Auth Flow (Left) vs. New Auth Flow (Right)

Attestations

Attestations work in a similar manner. Instead of signing a message with MetaMask you will be prompted to scan a QR code and the mobile app will sign a message for the attestation.

The message the app signs is the structured and hashed attestation data, and this is used to record the user's consent for the attestation to be completed.

Old Attestation Flow (Left) vs. New Attestation Flow (Right)

Migration

Users who already have a BloomID with MetaMask will have to migrate to a mobile account. Check out the related post for details on how to do this.

When scanning the migration QR the mobile app is signing the MetaMask address and sends back the mobile address. You are then prompted to sign that address with your MetaMask address and submit a delegated transaction to link the accounts on chain. This is a delegated transaction because we are paying gas fees for users to migrate.

Migration Flow

Conclusion

Going MetaMask free has allowed us to make Bloom a mobile first app and let the web app be lightweight while improving UX and keeping all the features.

Bloom: Take Control of Your Credit & Identity

Bloom is a blockchain solution for identity security and cross-border credit scoring, restoring ownership and control of identity information and financial data back to consumers. By decentralizing the way that information is shared between untrusted parties, the system reduces the risk of identity theft and minimizes costs associated with customer on-boarding, compliance and fraud prevention.

Together, we are paving a path for a fairer and more secure credit system, redefining the way that credit and finance are conducted.

To learn more about the latest with Bloom: