Human Verification
When an Intent requires human approval, SilentAuth notifies the designated approvers and presents them with the intent details. The approver reviews, then signs the approval using a strong authentication method — producing cryptographic proof of human presence.
Approval Flow
Your system calls createIntent(). SilentAuth logs the intent and evaluates it against the project policy.
Designated approvers receive a notification via email, Slack, or the SilentAuth dashboard with a link to review the intent details and parameters.
The approver opens the approval URL, reviews the action and params, then authenticates using passkey (WebAuthn), TOTP, or hardware key to sign their approval.
SilentAuth issues a cryptographically signed Permit JWT bound to the exact intent. The permit includes approver identity and timestamp.
Notification Channels
Approver receives a branded email with intent details and a one-click approval link. Requires no app install.
Post approval requests to a Slack channel or DM. Approvers can review and respond directly in Slack.
All pending intents appear in the SilentAuth dashboard. Approvers log in to review and approve.
Receive a webhook event and build your own notification UI or integrate with PagerDuty, OpsGenie, etc.
Authentication Methods
| Method | Strength | Notes |
|---|---|---|
| Passkey (WebAuthn) | Very High | Phishing-resistant. Device biometric or hardware key. Recommended. |
| Hardware Key (FIDO2) | Very High | YubiKey or similar. Best for high-security environments. |
| TOTP (Authenticator App) | High | Google Authenticator, Authy, 1Password. |
| Email Magic Link | Medium | One-time link sent to approver's inbox. Convenient, lower assurance. |