# I-am-human Backend Flow Author: Oleksiy Pyltsov ## Summary `i-am-human' project provides an opportunity to check that the owner of the NEAR account is a unique person. Soulbound Tokens (SBT) of various types are minted on the account, which confirms this. [Spec for i-am-human v1.0](https://hackmd.io/@Kazander/ryHHniFqi#51-Known-Issues). For one type of SBT, a system is used in which the verification of a person's uniqueness takes place through verification at [GoodDollar](https://gooddollar.org). This document describes the flow of interaction between all components, including the Backend. ## Components The following components are involved in this flow: - Frontend - interacts with the user - Backend - makes checks that cannot be done in Frontend or Smart Contract - Smart Contract - mints SBT for NEAR account - GoodDollar - web3 protocol that, among other things, checks the uniqueness of a person using a face scan. ## Backend The Frontend will provide a GoodDollar account, and in response, the Backend will send a cryptographically signed proof verifying that the account has successfully undergone a face scan procedure. This procedure is executed during the initial `claim` of GoodDollar tokens. The Backend verifies whether the `claim` function of the GoodDollar smart contract has been invoked (they use blockchain [Fuse](https://fuse.io)). After generating the proof, the Backend will sign it with their private key and transmit it back to the Frontend. TODO /api-call ## Flow ```mermaid sequenceDiagram Frontend->>Backend: GoodDollar auth token Backend->>Backend: Check on Fuse that account calls claim() Backend->>Frontend: Proof signed by Backend key Frontend->>Smart Contract: mint(backend_proof, proof_signature) Note over Smart Contract: verify gooddollar address uniqueness, signature, mint SBT ``` The following actions will be taken: - Frontend - sends an auth token, as it was received from GoodDollar. The parameters we are interested in: blockchain address (a.value), signature (sig) and creation time (nonce.value) - Backend - verifies the signature in the auth token - verifies that the blockchain address called the `claim` method in the GoodDollar smartcontract and it completed successfully - forms a proof, the format of which is described below, and signs with his ed25519 private key - sends proof and signature to Frontend, or an error - Frontend - receives a response from the Backend - calls the `sbt_mint` function on behalf of the user, where it passes the proof and signature - displays to the user that he received an SBT or an error - Smart Contract - checks that proof and signature are valid - checks that the NEAR account does not have an SBT - checks that SBT is not registered on the GoodDollar blockchain address - mint SBT ### Backend Proof format ```json { "gooddollar": "0x388C818CA8B9241b393131C08a736A67ccB19297", "expire": 1676565421 } ```