Tierion introduces set of open-source tools to create ‘trustless’ Lightning apps

Tierion, a blockchain technology company, announced today the release of a suite of tools to help enable Bitcoin-native authentication using LSATS – Lightning Service Authentication Tokens.

For several months, Tierion worked with engineers at Lightning Labs to develop Lightning Service Authentication Tokens (LSATs). The goal is to let users authenticate with services without requiring user accounts or storing any user data.

LSATs combine Bitcoin micro-payments over Lightning, with standards such as the 402: Payment Required HTTP status code, macaroons, and authorization headers.

“Bitcoin introduced the idea of a payment system native to the Internet. Innovative uses of Lightning show that the technology is valuable beyond financial transactions. LSATs are a step towards a world where we don’t have to trust third parties with our private information, and users have more secure and private authentication. We hope Boltwall and lsat-js is make it easy for developers to create applications built on top of a better authentication infrastructure.”
– The Tierion Team

Background

Authentication and Authorization are required for many web and mobile applications. Authentication establishes who is making a request, and Authorization sets the permissions for each user.

There are two notable downsides to the way modern applications implement authentication. First, they rely on third parties to store sensitive information. This information is frequently stolen or leaked, putting you at risk. Second, users’ real-world identities are often linked to authentication. Tying your real identity to a third party authentication service, such as Google or Facebook, reveals information about which services you use and how often you use them.

In 2019, Tierion started working on a solution to these problems. The team released Boltwall, a middleware for deploying lightning-powered paywall servers. The original version of Boltwall used a type of bearer credential, called macaroons, that were linked to lightning invoices. Requests were authorized based on whether or not the invoice was paid.

A few months later, Olaoluwa Osuntokun‏, CTO of Lightning Labs, announced a proposal for what he called “Lightning Service Authentication Tokens”. Though Boltwall was developed independently, the motivations described in the LSAT presentation closely matched Tierion’s: using lightning payments for authentication that did not rely on personal or private information.

Tierion recognized that a single standard was necessary. After Lightning Labs announced its own implementation, and the Tieron team decided to move in parallel towards the same goal. Tierion has worked with the developers at Lightning Labs to advance the LSAT standard, migrated Boltwall to be LSAT-compatible, and built a toolkit that lets developers use LSATs in their own applications.

The LSAT Toolkit:

Boltwall

Boltwall enables Bitcoin Lightning paywalls and authentication using LSATs. Users can charge to access their API without requiring user accounts, API keys, credit cards or storing any user data. All that is needed is a single line of code in the Expressjs server (or similar Nodejs framework such as Restify) in front of a route to be protected with a paywall. An LSAT will be issued to any client request trying to access that route.

Now-Boltwall

now-boltwall is a command line utility to help you easily deploy a live, Boltwall-enabled server that connects to a running lnd instance. It provides tools to help retrieve and set lnd connection credentials, set up a Boltwall configuration, and run a quick connection to a BTCPayServer. Servers are deployed using Zeit’s Now, a serverless deployment framework with a generous free-tier.

LSAT-js

lsat-js is a utility library written in TypeScript and compatible with most modern browsers. It provides tools to build, parse, and verify LSATs either on the server or client-side.

LSAT Playground

The Tierion team has developed a client-side web app that demonstrates all the tools available in lsat-js. LSAT Playground includes code snippets and gives users a place to interact with LSATs without having to write a single line of code. It even provides a live demo where users can pay using a testnet node to get timed access to an API protected with Boltwall.

Exit mobile version