Sign-In Flow
The sign-in flow is the SDK sequence that turns one wallet signature into a working session with a scoped capability set — so the app acts with a delegated session key and never touches the owner key.
Actors
Owner DID (wallet) · ephemeral session did:key · the host node · the app manifest.
Sequence
1. Resolve address/chain and hosts; create a session key (WASM TCWSessionManager, tinycloud-sdk-wasm/src/session.rs).
2. resolveSignInCapabilities → the capabilities the manifest needs.
3. prepareSession builds the SIWE-ReCap message.
4. Wallet signs prepared.siwe → a CACAO.
5. completeSessionSetup mints the session UCAN (delegationHeader/CID) delegating from owner → session key.
6. checkNodeInfo → afterSignIn hooks → ensureSpaceExists (space-hosting via host-SIWE if the space is absent).
Thereafter the session key signs invocations with no further wallet prompts. The platform entry is NodeUserAuthorization.signIn (packages/node-sdk/...); prepareSessionForSigning/signInWithPreparedSession support external signers.
Crypto
One wallet signature (step 4) authorizes the whole composed capability set; the node validates the resulting chain via cacao-chain-validation. Replay is bounded by the SIWE nonce + time.
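Because that single signature covers the whole composed capability set, it is worth checking the prepared message before it reaches the wallet. The following is an added example, not code from the SDK: it decodes the ReCap resource and checks nonce, lifetime and granted abilities against what the manifest was expected to request. It assumes the message follows the standard EIP-4361 text layout and EIP-5573 ReCap encoding; the helper names, the resource URI and the ability names are hypothetical.

```javascript
// Added example; every value below is constructed and the resource/ability names are hypothetical.
const RECAP_PREFIX = "urn:recap:";

// EIP-5573 encodes the capability object as unpadded base64url JSON after "urn:recap:".
function encodeRecap(att) {
  const b64 = Buffer.from(JSON.stringify({ att, prf: [] })).toString("base64");
  return RECAP_PREFIX + b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed SIWE message standing in for prepared.siwe (not real SDK output).
function sampleSiwe(att) {
  return [
    "app.example wants you to sign in with your Ethereum account:",
    "0x0000000000000000000000000000000000000001",
    "",
    "URI: did:key:z6MkConstructedSessionKey",
    "Version: 1",
    "Chain ID: 1",
    "Nonce: 8f3a1c9e2b7d4a60",
    "Issued At: 2024-01-01T00:00:00Z",
    "Expiration Time: 2024-01-01T01:00:00Z",
    "Resources:", "- " + encodeRecap(att),
  ].join("\n");
}

// Read one "Name: value" header line from an EIP-4361 message.
const field = (msg, name) => (msg.match(new RegExp(`^${name}: (.+)$`, "m")) || [])[1];

// Flatten the last ReCap resource into sorted "resource#ability" strings.
function recapAbilities(msg) {
  const uris = [...msg.matchAll(/^- (urn:recap:\S+)$/gm)].map((m) => m[1]);
  if (uris.length === 0) return [];
  const b64 = uris.pop().slice(RECAP_PREFIX.length).replace(/-/g, "+").replace(/_/g, "/");
  const { att = {} } = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  return Object.entries(att).flatMap(([res, abs]) => Object.keys(abs).map((a) => `${res}#${a}`)).sort();
}

// List reasons not to sign; an empty list means the message matches the expected grant.
function reviewBeforeSigning(msg, expected, nowMs, maxLifetimeMs) {
  const problems = [];
  if (!field(msg, "Nonce")) problems.push("missing nonce");
  const iat = Date.parse(field(msg, "Issued At"));
  const exp = Date.parse(field(msg, "Expiration Time"));
  if (Number.isNaN(exp)) problems.push("missing expiration");
  else if (exp <= nowMs) problems.push("expired");
  else if (Number.isNaN(iat) || exp - iat > maxLifetimeMs) problems.push("lifetime too long");
  for (const a of recapAbilities(msg)) if (!expected.includes(a)) problems.push("unexpected: " + a);
  return problems;
}
```

The same checks apply on the external-signer path, where the message is handed to a signer outside the app process.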
Relationships
Produces the session + root delegation that capabilities derive from; consumes the app manifest (and capability-composition for app+backend); hosts the space via space-hosting; the node-side counterpart is cacao-chain-validation.
Status & drift
Shipped. The exact prepareSession/completeSessionSetup implementations live in the WASM crate (sdk-rs/tinycloud-sdk-wasm), surfaced through sdk-core/src/userAuthorization.ts.
Sources
- js-sdk: packages/node-sdk/src/authorization/NodeUserAuthorization.ts, packages/sdk-core/src/userAuthorization.ts
- tinycloud-node: tinycloud-sdk-wasm/src/session.rs