LiquidAuth allows authentication of offchain APIs and services using EOSIO permissions and contract.
Essentially what's going on in the background is this:
Contract stakes to LiquidAuth service
Auth client used to create a signed message using the contract's private key that can sign for authentikeos:xauthusage
This unbroadcasted trx is sent to the DSP who runs the trx to ensure that the permission is indeed correct
If the correct signature has signed, DSP fulfills request, say for example authenticating a LiquidStorage get uri api call.
An example of this is using the LiquidStorage service. Under the hood LiquidAuth is used to collect and create the offline signature used to authenticate against the LiquidStorage APIs. This signature must not have expired, it must be signed by the account that has staked for the services, and the payload signed is verified against the signature to ensure what is being requested is what was included in the signed message.
The private key associated with calling this method authentikeos:xauthusage can be link auth'd to a separate permission level, say call it API which is under the active permission level. By doing this, the active key no longer needs to be exposed when signing the authentication message.
Zeus - Zeus installs eos and the eosio.cdt if not already installed