Skip to content
osvauld

Adding a Credential

Sequence Diagram

Sequence diagram for adding a credential

User Request

  1. The user initiates the addition of a new credential to a folder.
  2. The client sends a request to the server to fetch all users who have access to the folder.
  3. The server returns the list of users with access to the folder.

Background Service Processing

  1. The user fills in the credential fields and sends the fields along with the users to the background service.
  2. The background service sends the credential fields to the WASM service for encryption with each user’s public key.
  3. The WASM service encrypts the credential fields with each user’s public key.
  4. The WASM service returns the encrypted credential fields to the background service.
[
  {
    "userId": "user_id_1",
    "fields": [
      {
        "fieldName": "field_name",
        "fieldValue": "encrypted_field_value_user1",
        "fieldType": "field_type"
      }
    ]
  },
  {
    "userId": "user_id_2",
    "fields": [
      {
        "fieldName": "field_name",
        "fieldValue": "encrypted_field_value_user2",
        "fieldType": "field_type"
      }
    ]
  }
]```


8.  The background service returns the encrypted credential fields for each user to the client.
9.  The client then sends the whole payload to hash and then sign
10. The client sends the payload to the server with signature in the header.


## Server Processing


9.    The client sends the payload (encrypted credential fields for each user, name, description, domain) to the server.


```json


{
  "name": "credential_name",
  "description": "credential_description",
  "domain": "credential_domain",
  "users": [
    {
      "userId": "user_id_1",
      "fields": [
        {
          "fieldName": "field_name",
          "fieldValue": "encrypted_field_value_user1",
          "fieldType": "field_type"
        }
      ]
    },
    {
      "userId": "user_id_2",
      "fields": [
        {
          "fieldName": "field_name",
          "fieldValue": "encrypted_field_value_user2",
          "fieldType": "field_type"
        }
      ]
    }
  ]
}
  1. The server processes the request after verifying the signature.
  2. The server adds an entry to the credentials table with the provided name, description, and domain. For each user: The server adds entries to the fields table with the encrypted field values. For each user: The server infers the access type based on the folder access and adds entries to the credential_access table.
  3. The server returns the response (success/failure) to the user.
Note: When a new credential is added to a folder, it is automatically shared with all users who have access to that folder. The server infers the access type for each user based on their folder access and adds the necessary entries to the credentials, fields, and credential_access tables.