GridWhale is currently implemented in a separate arcology from Hexarc, but we'd like to use Hexarc usernames to sign in to GridWhale. This spec describes how to do that.


Login proceeds as follows:

  1. GridWhale prompts for a username and password (via HTTPS only).
  2. GridWhale service calls an API on to validate the username and password.
  3. On success, Hexarc returns an abbreviated user record and registers it as a login. We do not return any kind of auth token that could be used on Hexarc.
  4. On failure, Hexarc returns FALSE and we log it as an invalid login.
  5. We ask GridWhale Cryptosaur to generate an auth token for a user of the form "@GridWhale:xyz" where xyz is the username. This combines user creation (if necessary), scoped credentials, and login.
  6. After that, we validate the auth token as normal.