by realaravinth 1418 days ago
Apologies, the project isn't ready to be showcased yet. I literally woke up to a message from a friend that said it was on HN. I wish I could explain it on here, but I'm afraid it isn't that easy. Here's the high-level overview:

1. mCaptcha sends a PoW configuration (first XHR request in the demo widget[0]) which includes a challenge text ("string"), a salt and a difficulty factor.

2. Client generates proof of work by concatenating "string" + salt until the difficulty factor is met. If the difficulty factor isn't satisfied, it will continue trying to generate Proof of Work (PoW) by appending a nonce and incrementing it until the difficulty factor is satisfied.

3. Client sends PoW to mCaptcha, which includes the nonce, original salt and "string" (second XHR request in the demo widget).

4. mCaptcha computes the hash for "string" + salt + nonce. If the difficulty factor is met (i.e. resultant hash > difficulty factor), then mCaptcha responds with an access token.

5. Client sends the access token to the web service.

6. Web service authenticates the access token with mCaptcha and only grants access to the protected resource if the token checks out.

I will work on a more detailed specification and report back when it is ready (3 weeks, I think).

[0]: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFf...

disclosure: author of mCaptcha
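
The six steps outlined in the comment above, as an added example that is not part of the original post and is not mCaptcha's own code. It assumes SHA-256, a threshold derived from the difficulty factor, and single-use challenges and tokens; every function and class name is hypothetical.

```python
import hashlib
import secrets

# Assumptions, not from the comment: SHA-256, the first 16 digest bytes read as
# a big-endian integer, and threshold = MAX - MAX // difficulty, so a larger
# difficulty factor leaves fewer qualifying hashes. All names are hypothetical.
MAX = 2**128 - 1

def score(string, salt, nonce):
    digest = hashlib.sha256(f"{string}{salt}{nonce}".encode()).digest()
    return int.from_bytes(digest[:16], "big")

def meets(string, salt, nonce, difficulty):
    return score(string, salt, nonce) > MAX - MAX // difficulty

def solve(string, salt, difficulty):
    """Client, step 2: increment the nonce until the hash clears the threshold."""
    nonce = 0
    while not meets(string, salt, nonce, difficulty):
        nonce += 1
    return nonce

class Server:
    """Steps 1, 4 and 6. Challenges and tokens are single-use (an assumption)."""
    def __init__(self, salt, difficulty):
        self.salt, self.difficulty = salt, difficulty
        self.pending, self.tokens = set(), set()

    def config(self):  # step 1
        string = secrets.token_hex(16)
        self.pending.add(string)
        return {"string": string, "salt": self.salt, "difficulty_factor": self.difficulty}

    def verify_pow(self, string, nonce):  # step 4
        # Recompute with the server's own salt and difficulty, never client-echoed ones.
        if string not in self.pending or not meets(string, self.salt, nonce, self.difficulty):
            return None
        self.pending.discard(string)  # a solved challenge cannot be replayed
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return token

    def validate_token(self, token):  # step 6, called by the web service
        if token not in self.tokens:
            return False
        self.tokens.discard(token)
        return True

if __name__ == "__main__":
    server = Server(salt="constructed-salt", difficulty=50_000)
    cfg = server.config()
    nonce = solve(cfg["string"], cfg["salt"], cfg["difficulty_factor"])
    token = server.verify_pow(cfg["string"], nonce)
    print(nonce, server.validate_token(token), server.validate_token(token))
```

Under these assumptions the client needs about as many hash attempts as the difficulty factor on average, while the server spends one hash per verification.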