Time-based Authentication

k-ID uses time-limited credentials across its verification and consent flows. Every OTP, QR-code URL and email link carries an expiry, so a value that is guessed, screenshotted or leaked through a log is only useful for a short window, while legitimate parents still get a reasonable amount of time to complete the required action.

Overview of Time-Based Security

Time-based authentication in k-ID serves multiple purposes:

  • Security: an expired OTP, URL or email link is rejected, so a captured value cannot be reused after its lifetime, and short lifetimes limit how long an attacker has to guess a code
  • User Experience: lifetimes are long enough for parents to complete the consent flow at a realistic pace
  • Compliance: consent requests that are never completed lapse instead of remaining open indefinitely, which supports privacy requirements around data handling and consent

When a player triggers an age gate verification process, k-ID generates several time-sensitive authentication elements:

One-Time Passwords (OTPs)

Each challenge creates a unique OTP that parents use to access the consent portal. These OTPs are:

  • Generated automatically when a challenge is created
  • Short-lived, with the exact lifetime depending on the environment (see Environment-Specific Timeouts below)
  • Refreshable through the /challenge/generate-otp API, which returns a new OTP together with its expiry:

    {
      "otp": "123ABC",
      "expiresAt": "2022-12-31T23:59:59Z"
    }

Always take the lifetime from the expiresAt field of the response rather than hard-coding it, so a change in the configured timeout does not leave your integration showing codes that have already expired.

QR Code URLs

The challenge response includes a URL that can be rendered as a QR code for easy mobile access. This URL:

  • Contains the OTP embedded in it
  • Expires alongside the OTP, so a new URL is needed whenever the OTP is refreshed
  • Lets a parent open the consent portal on a phone without typing the code

Because the URL carries the OTP, treat it with the same care as the OTP itself: display it only to the player who triggered the challenge, and keep it out of application logs, analytics events and crash reports.

Email-Based Authentication

k-ID provides an optional email workflow with its own time-based security. When you use the /challenge/send-email API to send a consent request:

  • Email links expire after two weeks
  • Links contain cryptographically signed tokens, so the link's validity and expiry are enforced by k-ID and cannot be altered by the recipient
  • An expired link cannot be extended; call /challenge/send-email again to issue a fresh one

Environment-Specific Timeouts

k-ID applies different timeout periods per environment so that developers can exercise expiry quickly while production keeps lifetimes that suit real users:

Test Environment

  • Shorter timeouts (typically 10 minutes or less)
  • Rapid expiration for quick iteration during development
  • Expiry and refresh paths can be tested without waiting hours or days

Production Environment

  • Longer timeouts for better user experience
  • 14-day email link lifetime for parental consent (the two weeks noted above)

When implementing k-ID's time-based authentication:

  1. Monitor expiration proactively: read expiresAt from each response and refresh before the credential runs out, rather than waiting for a rejected request
  2. Degrade gracefully: if a refresh fails, keep using a credential that is still valid and tell the user what happened instead of abandoning the flow
  3. Provide clear user feedback about the remaining time and about what to do once a code or link has expired
  4. Test timeout scenarios in the test environment, whose short lifetimes make expiry easy to reproduce
  5. Plan for edge cases such as a network interruption during a refresh: retry the refresh, and treat a refresh that never succeeds after the old credential has expired as a hard failure that the user must restart
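The following is an added example, not k-ID's own code or SDK, showing how a game backend can apply the five guidelines above to the OTP flow. The {"otp", "expiresAt"} response shape and the /challenge/generate-otp endpoint are taken from this page; the request parameter (a challenge id), the 60-second refresh margin, the retry policy, and the fake offline endpoint and clock at the bottom are assumptions made for the example. The injectable clock and lifetime let the same code exercise a 10-minute test-environment lifetime and a longer production one without waiting.

```python
"""Proactive expiry handling for a k-ID challenge OTP (added example, not k-ID code)."""
from __future__ import annotations

import time
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Assumed policy: refresh when less than this much lifetime is left, so the
# parent is never shown a code that expires while they are typing it.
REFRESH_MARGIN = timedelta(seconds=60)


class TransientError(Exception):
    """A network-level failure (timeout, connection reset) that is safe to retry."""


@dataclass(frozen=True)
class Otp:
    value: str
    expires_at: datetime

    @classmethod
    def from_response(cls, body: dict) -> "Otp":
        # expiresAt is RFC 3339 with a trailing "Z"; fromisoformat() only
        # accepts the "+00:00" spelling before Python 3.11.
        expires_at = datetime.fromisoformat(body["expiresAt"].replace("Z", "+00:00"))
        if expires_at.tzinfo is None:
            raise ValueError("expiresAt must carry a timezone offset")
        return cls(body["otp"], expires_at)

    def remaining(self, now: datetime) -> timedelta:
        return self.expires_at - now


class OtpSession:
    """Holds the current OTP for one challenge and refreshes it before expiry.

    generate_otp is the caller's HTTP wrapper for POST /challenge/generate-otp
    (assumed here to take the challenge id and return the parsed JSON body).
    """

    def __init__(self, challenge_id: str, generate_otp: Callable[[str], dict],
                 clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc),
                 max_attempts: int = 3, backoff_seconds: float = 0.0) -> None:
        self.challenge_id = challenge_id
        self._generate_otp = generate_otp
        self._clock = clock
        self.max_attempts = max_attempts
        self.backoff_seconds = backoff_seconds
        self._current: Optional[Otp] = None

    def current(self) -> Otp:
        """Return an OTP with more than REFRESH_MARGIN of life left when possible.

        If the refresh fails but the old OTP has not yet expired, the old one is
        returned (graceful degradation); only a truly unusable state raises.
        """
        now = self._clock()
        if self._current is not None and self._current.remaining(now) > REFRESH_MARGIN:
            return self._current
        try:
            self._current = self._refresh()
        except TransientError as exc:
            if self._current is None or self._current.remaining(now) <= timedelta(0):
                raise RuntimeError("no valid OTP and refresh failed; restart the challenge") from exc
        return self._current

    def _refresh(self) -> Otp:
        last_error: Optional[Exception] = None
        for attempt in range(1, self.max_attempts + 1):
            try:
                return Otp.from_response(self._generate_otp(self.challenge_id))
            except TransientError as exc:
                last_error = exc
                time.sleep(self.backoff_seconds * attempt)  # linear backoff between retries
        raise TransientError(f"refresh failed after {self.max_attempts} attempts") from last_error

    def status(self) -> str:
        """Short text for the player-facing UI (guideline 3)."""
        if self._current is None:
            return "No code issued yet"
        left = int(self._current.remaining(self._clock()).total_seconds())
        return f"Code {self._current.value} expires in {left}s" if left > 0 else "Code expired, requesting a new one"


# Constructed offline stand-ins so the example runs without the k-ID service.
class FakeClock:
    def __init__(self, start: datetime) -> None:
        self.now = start

    def __call__(self) -> datetime:
        return self.now

    def advance(self, delta: timedelta) -> None:
        self.now += delta


class FakeKidApi:
    """Mimics /challenge/generate-otp: sequential OTPs with a configurable lifetime
    (10 min for test, longer for production); fail_first simulates network failures."""

    def __init__(self, lifetime: timedelta, clock: FakeClock, fail_first: int = 0) -> None:
        self.lifetime, self.clock, self.fail_first, self.calls = lifetime, clock, fail_first, 0

    def generate_otp(self, challenge_id: str) -> dict:
        self.calls += 1
        if self.calls <= self.fail_first:
            raise TransientError("connection reset by peer")
        expires = self.clock() + self.lifetime
        return {"otp": f"{self.calls:03d}ABC", "expiresAt": expires.strftime("%Y-%m-%dT%H:%M:%SZ")}
```

In a real integration, generate_otp would be your authenticated HTTP call and clock would default to the real UTC clock; the fake versions exist only so that the refresh-inside-the-margin, retry-on-transient-failure and fall-back-to-still-valid-OTP paths can be driven deterministically in the test environment.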

k-ID's time-based authentication keeps sensitive operations such as parental consent bound to short, enforced lifetimes while still giving parents a reasonable window to act. Integrations that read expiry from each response, refresh before it is reached, and handle failed refreshes explicitly will behave correctly in both the test and production environments.