Implement Custom Browser Authentication Client

The MPin protocol involves cryptographic operations on cryptographic material stored on the client side. For that reason, the MIRACL Trust service provides a browser client for its authentication that handles all of this. It also handles enrolment, identity management and much more.

# Custom Authentication Page

The MIRACL Trust platform supports custom web authentication clients. This gives clients the freedom to implement authentication in the way that best suits their use case. To aid the development of custom authentication clients, MIRACL provides a JavaScript library: the MIRACL Trust JS Client Library.

# Enable Custom Authentication Clients

To enable custom authentication clients, CORS requests should be allowed in the MIRACL Trust portal. This is done by setting the Allowed CORS Domains property in your project’s settings to the domain where the web client is hosted.

# What is CORS

Browsers restrict cross-origin HTTP requests by default. This is done to prevent certain attacks. It means that, by default, a web application can only request resources from the same domain the application is running on. Cross-origin resource sharing (CORS) is an HTTP-header-based mechanism that allows restricted resources to be requested from a domain other than the one that serves them. It relies on a “preflight” request, which the browser makes to check whether the server permits the actual request; the preflight carries headers that indicate the HTTP method and headers of the actual request. If the resource is allowed for the requesting domain, the server response contains the Access-Control-Allow-Origin header with the value of the requesting domain.
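The preflight decision described above, sketched from the server's side as an added example (generic CORS logic, not MIRACL Trust code). `ALLOWED_ORIGINS`, the function names and the sample origins are assumptions; the set stands in for a setting such as Allowed CORS Domains.

```javascript
// Added illustration: generic CORS decision logic, not MIRACL Trust code.
// ALLOWED_ORIGINS stands in for an allowed-domains setting (constructed value).
const ALLOWED_ORIGINS = new Set(["https://login.example.com"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Exact match on the full origin (scheme + host + port). A substring or
// suffix check would also accept look-alike hosts such as
// https://login.example.com.example.net.
function isAllowedOrigin(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Takes { method, headers } with lower-cased header names and returns
// { status, headers } describing the CORS part of the response.
function corsResponse(req) {
  const origin = req.headers["origin"];
  if (origin === undefined) return { status: 200, headers: {} }; // no Origin header: CORS does not apply
  if (!isAllowedOrigin(origin)) return { status: 403, headers: {} }; // no allow header: browser blocks the call

  // Echo the single matching origin; Vary keeps caches from reusing it for others.
  const headers = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  const wantedMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || wantedMethod === undefined) {
    return { status: 200, headers }; // the actual request
  }
  // Preflight: check the announced method and headers of the actual request.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(wantedMethod) ||
      !wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers: {} };
  }
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  return { status: 204, headers };
}
```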

# Security

The authentication client is a standard JavaScript application that runs in the browser, so it is susceptible to all the potential vulnerabilities that arise from that. Clients who implement a custom client have to secure it themselves.