
User authentication is flawed

Open ineiti opened this issue 1 year ago • 0 comments

The current user authentication is flawed. To authenticate, a user:

  1. logs into Gaspar
  2. gets a signature from the auth-server on their ID and the master chain ID

However:

  • there is no timeout, so anybody could take this signature and just forge any message they want to
  • the messages sent to the service-api are not signed in any way, so the leader can change them at will

Proposed fix for the authentication:

  1. When a user authenticates, they create an ephemeral keypair and send the ephemeral public key to the authentication server
  2. The authentication server checks with Gaspar that the user is who they pretend to be
  3. The authentication server creates a certificate by signing the ephemeral public key, together with a timestamp
  4. This certificate is only valid for a given timeframe (30 minutes? 1 hour?)
  5. Whenever the user wants to call the service-api, they sign the whole message including all the data with their ephemeral private key and add the certificate of the authentication server
  6. The backend verifies the validity of the certificate by verifying the signature and the timestamp, then uses the public key in the certificate to verify the message from the user

ineiti, Jun 27 '23 08:06
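The proposed flow (steps 1, 3, 5 and 6 above), as an added illustration that is not cothority's code: the auth-server signs the ephemeral public key together with an expiry, the user signs each service-api request with the ephemeral key, and the backend checks the certificate's signature and timestamp before checking the request signature. It uses Go's standard `crypto/ed25519`; the `Certificate` layout, the `ephemeral-cert:` domain tag and the function names are assumptions made for this example, and the Gaspar check of step 2 is taken as already done.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Certificate binds a user's ephemeral public key to an expiry (constructed format, not cothority's).
type Certificate struct {
	EphemeralPub ed25519.PublicKey
	NotAfter     int64 // expiry as Unix seconds
	Sig          []byte
}

// certBytes is what the auth-server signs: domain tag || 32-byte key || expiry.
func certBytes(pub ed25519.PublicKey, notAfter int64) []byte {
	return strconv.AppendInt(append([]byte("ephemeral-cert:"), pub...), notAfter, 10)
}

// IssueCertificate is step 3: once Gaspar has confirmed the user, sign key + timestamp.
func IssueCertificate(authPriv ed25519.PrivateKey, pub ed25519.PublicKey, now time.Time, ttl time.Duration) Certificate {
	notAfter := now.Add(ttl).Unix()
	return Certificate{pub, notAfter, ed25519.Sign(authPriv, certBytes(pub, notAfter))}
}

// VerifyRequest is step 6: check certificate signature, then expiry, then the request signature.
func VerifyRequest(authPub ed25519.PublicKey, cert Certificate, msg, sig []byte, now time.Time) error {
	if !ed25519.Verify(authPub, certBytes(cert.EphemeralPub, cert.NotAfter), cert.Sig) {
		return errors.New("certificate not signed by the auth-server")
	}
	if now.Unix() > cert.NotAfter {
		return errors.New("certificate expired")
	}
	if !ed25519.Verify(cert.EphemeralPub, msg, sig) {
		return errors.New("request signature invalid")
	}
	return nil
}

func main() {
	authPub, authPriv, _ := ed25519.GenerateKey(rand.Reader)
	ephPub, ephPriv, _ := ed25519.GenerateKey(rand.Reader) // step 1: user's ephemeral keypair
	cert := IssueCertificate(authPriv, ephPub, time.Now(), 30*time.Minute)
	msg := []byte("service-api request (constructed)") // step 5: sign the whole request
	fmt.Println(VerifyRequest(authPub, cert, msg, ed25519.Sign(ephPriv, msg), time.Now()))
}
```

Because the expiry is part of the signed bytes, a leader cannot extend a captured certificate, and because the whole request is signed under the certified key, the leader cannot alter the request either.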