Blocto
Search…
Sign Message
Sign and verify challenges for off-chain authentication
For dApps relying on signMessage for off-chain authentication, Blocto follows EIP-1654. To verify the signature, you need to call a method on the wallet contract to check if the signature came from a rightful owner of the wallet contract.
Dapper Labs has built the tools to carry out this verification:
Use it in your dApps:
Go
JavaScript
1
package main
2
​
3
import (
4
"log"
5
"net/http"
6
​
7
"github.com/ethereum/go-ethereum/ethclient"
8
"github.com/dapperlabs/dappauth"
9
)
10
​
11
// AuthenticationHandler ..
12
type AuthenticationHandler struct {
13
client *ethclient.Client
14
}
15
​
16
// NewAuthenticationHandler ..
17
func NewAuthenticationHandler(rawurl string) (*AuthenticationHandler, error) {
18
client, err := ethclient.Dial(rawurl)
19
if err != nil {
20
return nil, err
21
}
22
return &AuthenticationHandler{client: client}, nil
23
}
24
​
25
// ServeHTTP serves just a single route for authentication as an example
26
func (a *AuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
27
​
28
challenge := r.PostFormValue("challenge")
29
signature := r.PostFormValue("signature")
30
addrHex := r.PostFormValue("addrHex")
31
​
32
authenticator := dappauth.NewAuthenticator(r.Context(), a.client)
33
isAuthorizedSigner, err := authenticator.IsAuthorizedSigner(challenge, signature, addrHex)
34
if err != nil {
35
// return a 5XX status code
36
}
37
if !isAuthorizedSigner{
38
// return a 4XX status code
39
}
40
​
41
// create an authenticated session for address
42
// return a 2XX status code
43
}
44
​
45
func main() {
46
handler, err := NewAuthenticationHandler("https://mainnet.infura.io")
47
if err != nil {
48
log.Fatal(err)
49
}
50
​
51
log.Fatal(http.ListenAndServe(":8080", handler))
52
}
Copied!
1
const Web3 = require('web3');
2
const DappAuth = require('@dapperlabs/dappauth');
3
​
4
const dappAuth = new DappAuth(new Web3.providers.HttpProvider('http://localhost:8545'));
5
​
6
async function debug() {
7
const challenge = 'foo';
8
const signature =
9
'0x33838c6f4e621982c2009f9b93ecb854a4b122538159623abc87d2e4c5bd6d2e33591f443b419b3bd2790e455ba6d625f2ca14b822c5cef824ef7e9021443bed1c';
10
const address = '0x86aa354fc865925f945b803ceae0b3f9d856b269';
11
​
12
try {
13
const isAuthorizedSigner = await dappAuth.isAuthorizedSigner(
14
challenge,
15
signature,
16
address,
17
);
18
​
19
console.log(isAuthorizedSigner); // true
20
} catch (e) {
21
console.log(e);
22
}
23
}
Copied!
Last modified 4mo ago
Copy link