Skip to main content

Upgrades from Keysmith 1

This section describes the major changes that are added to Keysmith 2 from Keysmith 1.

Format of keyfile

The keyfile that is uploaded to the user's Google Drive account will be changed as well:

  1. The type of file will be changed from a (plain text) JSON file into a binary file.
  2. Change the name of the file from ME3_KEY.json to one named after the partner application followed by a warning i.e. <application_name> (DO NOT DELETE).
  3. There will not be a QR image created in Google Drive as well.

The benefits for making these changes are:

  • Create the perception that the file appears more secure than a plain text one.
  • Provide more clarity to the user as to the purpose of the file.
  • Reduce the chances of the user deleting the keyfile unintentionally.

A further enhancement to the process of creating the keyfile would be to add an email notication to the user describing the purpose of the file and the importance of not deleting it.

Option to accept partner-provided Google authentication tokens

This is a major improvement over Keysmith 1 which only allowed the provision of a complete (possibly redundant) Google single sign-on (SSO) flow.

This is needed because partners may already perform Google SSO in their application and they would like the flexibility to supply the token without requiring the user to go through another round of SSO in the same session.

This is the requirement thinking for the design described under External Google SSO with Keysmith.

For the purpose of referencing, this is termed as the external Google SSO process, or as "Bring your own Google Token" (BYOGT), as compared to internal Google SSO.