Problem Description

Build a plugin for Flutter that handles an API based authentication process for iOS and Android that involves the in-app browser, after a successful authentication, the plugin should make subsequent API calls to our backend to retrieve data, store it in local storage and provide methods for accessing this data within the frontend application.

Technical Details

The Flutter plugin is an SDK used to fetch part of a private key of a wallet
Here is the authentication flow:

1. The external frontend application redirects to our frontend authentication URL with their re-direct URL, blockchain and the authentication provider they want to authenticate with as query parameters e.g. redirecturl=yourdomain.com&provider=google&blockchain=ethereum

2. Our frontend application receives the request from the query parameter in the URL and sends a request to our backend application.

3. Our frontend application then redirects the user to the external OAuth provider for authentication.

4. After successful authentication, the user is redirected back to our frontend application. Supabase Auth (external authentication provider) will automatically handle user creation // session creation for the new user and returns the session back to the frontend.

5. Our application creates the JWT and redirects the user to the external frontend application using the redirect URL from step 2.

6. The application gets this JWT, and using can now in a subsequent request can ask for the private key shards, reconstruct or recover the private key using our API endpoints.

7. The frontend application checks to see if there is an existing key share within the local storage of the application, if there is no existing keyshare, the frontend application will request a key creation at keygen endpoint from our backend. If there is a keyshare, it will call getshard endpoint to get the shard from our backend.

8. The external frontend application makes a request to getshard endpoint, which requests part of the private key and then reconstructs the private key using a reputable open-source shamir secret sharing library using the key in local storage and the key share fetched from getshard endpoint.

9. If the external frontend is creating a private key from keygen endpoint, the endpoint will respond with part of the private key. This should be stored within the applications local storage.

Acceptance Criteria

-Steps 1 & 7 - 9 are what are required for this plugin, this should be done in Flutter
-Should be compatible with iOS and Android
-Should utilise our authentication URL for the initial redirection.
-Should call our keygen / getshard endpoints
-Should securely store private keys in local storage
-Ability for plugin users to add their API key
-Should expose methods to sign into three different providers: Google, Discord and Metamask.
-Self contained, plugin should be publishable to pub.dev and easy to understand.
-Bounty hunter must be in good communication on Discord.