The Nonce token should be deleted once the signature has been validated.
In the event that a user authenticates to our application, it is possible to retrieve the information (wallet address, signed message address) as this data is public.
If we execute the query again after the user has authenticated within the validity time, we could usurp his identity.
The Nonce token should be deleted once the signature has been validated.
In the event that a user authenticates to our application, it is possible to retrieve the information (wallet address, signed message address) as this data is public.
If we execute the query again after the user has authenticated within the validity time, we could usurp his identity.