# KYC Processes

*The implementation for KYC has yet to be finalized.  The KYC process is likely to be done via Mezzanine's embedded wallet and user interface.*

Mezzanine's protocol will be interactable with *any* account that it is deployed on. Mezzanine KYC processes will be implemented both on the user interface and via the Mezzanine wallet. The user interface will bar the user from interacting with accounts that are not KYC'd. Certain actions in Mezzanine's user interface will also require the user to be an accredited investor, such as participating in a company's priced round.

The Mezzanine wallet will require on-chain validation via a cryptographic access token to send transactions. To execute a function via the wallet, a valid signature from a set of validators must be provided. The exact implementation has yet to be fully specified.


## Authentication & Authorization Flow

To authenticate, we will use [Privy](https://docs.privy.io/)’s standard OAuth flow. The flow is the same for both mezzanine.xyz/app and clients’ websites using MezzSDK.

<figure><img src="https://lh7-us.googleusercontent.com/4km5UkZAYGZAVexMHPzR6RU_0iIn9Lil88JK3mU9iQZ498Dupakm9mr_SmKK_axXKlAtAxFOHGRqZ1olshQ5ZD1RIGzaY6WOBMwUnYiQqC0vOhAXgkwU7C-FAoLUFSCQ6B5wox5z-Hbu2XiM5iOegsQ" alt=""><figcaption><p>Diagram of the auth flow</p></figcaption></figure>

1. **Initiation**: When a user initiates a login via the frontend interface, the backend generates an authentication challenge. The challenge is a unique string created by the backend.
2. **Signing Challenge**: The user then uses their embedded wallet (Privy) to digitally sign this challenge. The device processes the string and produces a cryptographic signature.
3. **Signature Transmission**: This signature is transmitted back to the frontend.
4. **Verification**: The frontend forwards the signature to the backend. The backend then verifies the signature against the known public key of the user’s embedded wallet.
5. **OAuth Token Generation**: Once verified, the backend issues OAuth tokens to the frontend.
6. **Authorization**: The frontend utilizes the access token to authorize subsequent backend API requests.
7. **Token Refresh**: To maintain continued access, the frontend can request new access tokens using the refresh token, as needed.
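
The challenge, verification and token steps above as a backend sketch; this is an added example, not Mezzanine's or Privy's code. It assumes an Ed25519 key pair in place of the embedded wallet key, a 60-second challenge lifetime, opaque random tokens, and hypothetical names (`issueChallenge`, `verifyLogin`, the `mezz-login:` prefix), none of which the page specifies.

```javascript
const crypto = require("node:crypto");

const CHALLENGE_TTL_MS = 60_000;  // assumed lifetime; the page does not specify one
const pending = new Map();        // challenge -> { userId, expires }
const walletKeys = new Map();     // userId -> public key known for the embedded wallet

// Step 1: the backend creates an unpredictable, single-use challenge bound to one user.
function issueChallenge(userId, now = Date.now()) {
  const challenge = `mezz-login:${userId}:${crypto.randomBytes(32).toString("hex")}`;
  pending.set(challenge, { userId, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Steps 4-5: verify the signature over the challenge, then issue tokens.
function verifyLogin(userId, challenge, signature, now = Date.now()) {
  const entry = pending.get(challenge);
  pending.delete(challenge);      // consumed on first use, pass or fail, so it cannot be replayed
  if (!entry || entry.userId !== userId) return { ok: false, reason: "unknown-challenge" };
  if (now > entry.expires) return { ok: false, reason: "expired" };
  const publicKey = walletKeys.get(userId);
  if (!publicKey || !crypto.verify(null, Buffer.from(challenge), publicKey, signature))
    return { ok: false, reason: "bad-signature" };
  return {
    ok: true,
    accessToken: crypto.randomBytes(32).toString("hex"),
    refreshToken: crypto.randomBytes(32).toString("hex"),
  };
}

// Constructed demo: Ed25519 key pairs stand in for embedded wallet keys.
function demo() {
  const alice = crypto.generateKeyPairSync("ed25519");
  const mallory = crypto.generateKeyPairSync("ed25519");
  walletKeys.set("alice", alice.publicKey);
  const sign = (key, msg) => crypto.sign(null, Buffer.from(msg), key.privateKey);

  const c1 = issueChallenge("alice");
  const sig1 = sign(alice, c1);
  const first = verifyLogin("alice", c1, sig1);
  const replay = verifyLogin("alice", c1, sig1);              // same challenge and signature again
  const c2 = issueChallenge("alice");
  const forged = verifyLogin("alice", c2, sign(mallory, c2)); // signed with a different key
  const c3 = issueChallenge("alice", 0);
  const stale = verifyLogin("alice", c3, sign(alice, c3), CHALLENGE_TTL_MS + 1);
  return { first, replay, forged, stale };
}

console.log(demo());
```

Only the first call succeeds: the replayed signature fails because the challenge was consumed, the forged one fails against the registered public key, and the stale one fails on expiry.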

## Reauthentication

Reauthentication might happen for the following reasons:

* The user signed out and now wants to sign in again
* The user’s access token & refresh token expired due to inactivity, and the user wants to sign in again

