I'm looking to implement a "Verify with Bitcoin-OTC" feature for my web app. The general idea is the user would prove he owns a particular account on the external site Bitcoin-OTC and my app would accept/deny him based on his rating there.
Here's how I'm thinking of implementing this:
- User provides Bitcoin-OTC username.
- My app looks up his GPG fingerprint using this bitcoin-otc gem.
- My app presents the user with his encrypted one-time password and asks him to decrypt it.
- User provides decrypted password.
- My app verifies it with the gpg everify command on Freenode and accepts/denies the user.
The part I'm struggling with is step #5. I'm doing it this way because I'm not sure Bitcoin-OTC exposes an API. I'm not sure how to programmatically communicate with the bot on their IRC channel.
Steps 1-5 are basically how a user would verify himself on the Bitcoin-OTC IRC channel except my app is acting as a middleman.
My questions are:
- How can I achieve step #5?
- Does adding my app into this flow introduce any security risks?
Aucun commentaire:
Enregistrer un commentaire