KYC Processes

The implementation for KYC has yet to be finalized. The KYC process is likely to be done via Mezzanine's embedded wallet and user interface.

Mezzanine's protocol itself can be interacted with by any account on the chain it is deployed on, so it does not enforce KYC at the contract level. KYC enforcement will instead be implemented in two places: the user interface and the Mezzanine wallet. The user interface will bar users from interacting through accounts that have not been KYC'd. Certain actions in Mezzanine's user interface, such as participating in a company's priced round, will additionally require the user to be an accredited investor.

The Mezzanine wallet will require on-chain validation via a cryptographic access token before it sends transactions: to execute a function through the wallet, a valid signature from a designated set of validators must be provided. The exact implementation has not yet been fully specified.

Authentication & Authorization Flow

To authenticate, we will utilize Privy's standard OAuth flow. The flow is the same for both Mezzanine's own user interface and clients' websites using MezzSDK.

  1. Initiation: When a user initiates a login via the frontend interface, the backend generates an authentication challenge. This challenge is a unique string created in the backend; it must be unpredictable (generated from a CSPRNG) and single-use, so the backend records it together with a short expiry.

  2. Signing Challenge: The user's embedded wallet (Privy) digitally signs this challenge: the wallet's signing key processes the string and produces a cryptographic signature.

  3. Signature Transmission: This signature is transmitted back to the frontend.

  4. Verification: The frontend forwards the challenge and signature to the backend. The backend verifies the signature against the known public key (or address) registered for the user's embedded wallet, and checks that the challenge is one it issued, has not expired, and has not already been used.

  5. OAuth Token Generation: Once verified, the backend issues OAuth tokens (an access token and a refresh token) to the frontend.

  6. Authorization: The frontend utilizes the access token to authorize subsequent backend API requests.

  7. Token Refresh: To maintain continued access, the frontend can request new access tokens using the refresh token, as needed.


Reauthentication might happen for the following reasons:

  • The user signed out and now wants to sign in again

  • The user’s access token & refresh token expired due to inactivity, and the user wants to sign in again
