Authentication Flow

The user initiates the authentication process by accessing the authentication page.
A self custodial wallet prompts the user to share their public address.
In the background, the address is utilized in the /v1/account/:address/nonce endpoint to generate and store a nonce in the database. Simultaneously, a nonce is returned to the page for future use. The nonce plays a part in preventing replay & man in the middle attacks.
The page uses the self custodial wallet to prompt the user to sign a message concatenated with the nonce.
The signed message is then posted to the /v1/account/:address/verifySignature endpoint for verification.
The service derives the public key from the signature, extracts the address, and compares it with the one in the URL.
If the addresses match, the user is authenticated, and a JWT secret is issued for authorization

Last updated 11 months ago

The user initiates the authentication process by accessing the authentication page.
A self custodial wallet prompts the user to share their public address.
In the background, the address is utilized in the /v1/account/:address/nonce endpoint to generate and store a nonce in the database. Simultaneously, a nonce is returned to the page for future use. The nonce plays a part in preventing replay & man in the middle attacks.
The page uses the self custodial wallet to prompt the user to sign a message concatenated with the nonce.
The signed message is then posted to the /v1/account/:address/verifySignature endpoint for verification.
The service derives the public key from the signature, extracts the address, and compares it with the one in the URL.
If the addresses match, the user is authenticated, and a JWT secret is issued for authorization

Last updated 11 months ago