Crossmint / solana-auth

Sign-in with Solana wallet, with server+client side authentication and persistent sessions
Apache License 2.0

Implement Solana Sign-In #1

Open alfonso-paella opened 2 years ago

alfonso-paella commented 2 years ago

We're looking to implement Solana sign-in for our project.

We need a client-side JavaScript library + a server-side Node.js library that implement sign-in with Solana, and use Firebase Auth for persistent auth sessions after sign in.

Here's the full list of steps we expect this to entail:

  1. Create a sign-in entry point

  2. When user initiates sign-in:
     1.1 User "connects" with their wallet on the browser, via wallet adapter, and we get their pubkey
     1.2 Client sends pubkey to server: getauthchallenge/pubkey
     1.3 Server generates a random nonce and stores in a temporary DB (firestore) the (nonce, pubkey) combination, with some TTL (e.g. of 1hr).
     1.4 Server returns "nonce" to the client

  3. On the client, take the nonce and have the user sign it with their wallet (e.g. Phantom). Note that the "nonce" actually also contains a user readable message on the lines of "Sign this message with your wallet to sign in to desolate.space. Nonce=28342765"

  4. Send the signed payload back to the server: completeauthchallenge/(pubkey, payload, payload signature)
     3.1 Extract nonce from payload
     3.2 Lookup pubkey and TTL from DB, based off the nonce
     3.3 Verify the payload contains "Sign this message with your wallet to sign in to desolate.space"
     3.4 Verify signature corresponds to pubkey and isn't expired
     3.5 If it's all correct, generate a JWT session token with Firebase (Firebase Auth Custom Tokens), and send it back to client

  5. Client receives Firebase Auth Custom token
     4.1 Call FirebaseAuth#signInWithCustomAuth(): this creates a refresh token (persistent session) which gets stored locally on the browser storage. And from this, access tokens are derived automatically every hour or so
     4.2 Use firebase auth libraries for verifying access both on the client as well as on the server side

Links:

alfonso-paella commented 2 years ago

Some useful links:

alfonso-paella commented 2 years ago

Library for crypto: https://github.com/dchest/tweetnacl-js