Gaia Association Tokens

aaron · October 4, 2018, 7:24pm

I’ve received some questions over time about Gaia association tokens and how they can be used.
They weren’t designed to be immediately useful to applications, rather they are used make maintaining whitelists for private Gaia hubs easier. So for example, if I want to run a private Gaia hub, that only I can write to, I can use the Gaia configuration property for whitelisting. I’d add whitelist entries for the various owner addresses corresponding to the IDs that should be allowed to write. However, since each application has its own app-specific private key, I would need to whitelist those as well. This is where association tokens become useful.

In the Gaia authentication spec, if a request suppplies an association token, signed by a given address, the Gaia hub checks to see if that associated address is in the whitelist, and if so, it allows the request even if it is coming from an address that isn’t in the whitelist. This opens the doors to automating the process of allowing applications to write to private Gaia hubs when the user authenticates with them, rather than having to manually add new entries to the whitelist.

We have some documentation of association tokens here:

github.com

blockstack/gaia/blob/master/README.md#association-tokens

Gaia: A decentralized high-performance storage system
====================================

This document describes the high-level design and implementation of the
Gaia storage system. It includes specifications for backend storage drivers
and interactions between developer APIs and the Gaia service. 

Developers who wish to _use_ the Gaia storage system should see the
`blockstack.js` APIs
documented [here](https://github.com/blockstack/blockstack.js/tree/master/src/storage) and [here](http://blockstack.github.io/blockstack.js/#storage).

If you would like to deploy your own you can easily do so using Heroku:

[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/blockstack/gaia/)

Instructions on setting up and configuring a Gaia Hub can be found in [this readme](https://github.com/blockstack/gaia/blob/master/hub/README.md).

# Overview

<!--- I swapped these two paragraphs and did some word-smithing (jcn) -->

This file has been truncated. show original

There may be other use cases for these association tokens as well (e.g., when running a Gaia hub shared amongst an organization, but disallowing writes from people outside of the organization), but the above use case is the motivation for the concept.

jehunter5811 · October 4, 2018, 9:34pm

@aaron If I’m reading the spec right, association tokens can only be configured for a custom gaia hub, not the default hub. Is that accurate?

aaron · October 4, 2018, 9:40pm

That’s correct. The default gaia hub does support association tokens, but they won’t be used by it for anything, because it isn’t doing any whitelisting — it’s a public hub that will let anyone connect to it.