CirclesUBI / circles-api-legacy

User and organization profile service
GNU Affero General Public License v3.0

Recover account with signed message #75

Open edzillion opened 5 years ago

edzillion commented 5 years ago

Current implementation is to send message & signature to the backend to verify account ownership. The message is a timestamp. If the message is within ~5 (10?) mins of current time, the account address recovered from the msg and sig is used to find the relevant user record and send a verif to the phone.
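
The backend check described in this comment, sketched as an added example that is not part of the original issue or the project's code. The function names, the 5-minute window, the 30-second skew and the in-memory replay cache are assumptions; `recover` is injected and on the API would wrap `web3.eth.accounts.recover`.

```javascript
// Added example: freshness and replay checks around signature recovery.
// `recover(message, signature)` must return the signer address or throw.
// All names and limits below are assumptions, not taken from circles-api.
const MAX_AGE_MS = 5 * 60 * 1000; // accepted age of the signed timestamp
const MAX_SKEW_MS = 30 * 1000;    // tolerated client clock drift into the future

function createRecoveryVerifier(recover, now = Date.now) {
  const seen = new Map(); // "address:timestamp" -> time after which it can be dropped

  return function verify(message, signature) {
    // The message must be a plain millisecond timestamp, e.g. '1554463955373'.
    if (typeof message !== 'string' || !/^\d{13}$/.test(message)) {
      return { ok: false, reason: 'malformed-timestamp' };
    }
    const ts = Number(message);
    const t = now();
    if (ts > t + MAX_SKEW_MS) return { ok: false, reason: 'timestamp-in-future' };
    if (t - ts > MAX_AGE_MS) return { ok: false, reason: 'timestamp-expired' };

    let address;
    try {
      address = recover(message, signature);
    } catch (err) {
      return { ok: false, reason: 'invalid-signature' };
    }
    if (typeof address !== 'string' || !/^0x[0-9a-fA-F]{40}$/.test(address)) {
      return { ok: false, reason: 'invalid-signature' };
    }

    // Key the replay cache on signer and timestamp, not on the signature bytes,
    // so a re-encoded signature over the same message is not treated as new.
    for (const [k, expiry] of seen) if (expiry <= t) seen.delete(k);
    const key = address.toLowerCase() + ':' + message;
    if (seen.has(key)) return { ok: false, reason: 'replayed-message' };
    seen.set(key, ts + MAX_AGE_MS + MAX_SKEW_MS);
    return { ok: true, address: address.toLowerCase() };
  };
}
```

With more than one API instance the replay cache would need to live in a shared store rather than in process memory.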

edzillion commented 5 years ago

I am having problems signing and recovering; with the caveat that we are using ethers on the FE and web3 on the API:

https://ethereum.stackexchange.com/questions/69275/use-web3-to-recover-address-from-message-signed-by-ethers-js

edzillion commented 5 years ago

I did a test in which I signed the same message with web3 and ethers and compared them:

ethers_sig: { 
  recoveryParam: 0,
  r:'0x26a12022a1d49a2b9ca2d...',
  s:'0x2989604fc395b312e4cc3...',
  v: 27 
},
web3_sig: { 
  message: '1554463955373',
  messageHash: '0x26fe319265cb6443a61ae7dad32240c...',
  v: '0x1b',
  r: '0x826a7627420...',
  s: '0x77526a66118...',
  signature: '0x826a7627420f67dbd44a1e779c392a13...' 
}

If I run web3.eth.accounts.recover with the web3 signature I get the correct address.

edzillion commented 5 years ago

In https://github.com/CirclesUBI/circles-api/pull/78