alchemyplatform / aa-sdk

https://www.alchemy.com/account-abstraction
MIT License

FR: Verify session on server #958

Open carlbarrdahl opened 2 months ago

carlbarrdahl commented 2 months ago

Is your feature request related to a problem? Please describe.

It would be great if we could verify the user wallet on server-side. I know the address can be gotten from the cookie but this could be changed by the client.

Describe the solution you would like

import { getSession } from "@account-kit/core"

async function handler(req, res) {
  const session = await getSession()
  // session.address = "0x..."
  await db.post.create({ data: {...body, owner: session.address } })
}

Describe alternatives you have considered

moldy530 commented 3 weeks ago

Ah yea we've discussed this internally as well. Right now, you can use the signer returned from the useSigner or even the account returned from useAccount to signMessage and then verify the message signature on the server and that it matches the SCA address for your user.

The other thing we want to expose is a stampWhoAmi method on the signer itself. With that method you would be able to send the stamp to your backend and then call our whoami endpoint on the server, which will return the user id + signer address for that stamp (if the stamp is valid).
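
The sign-and-verify approach from the reply above, sketched as a server-side challenge flow. This is an added example, not code from aa-sdk or from anyone in the thread: `createSessionVerifier`, the message format and the injected `verifySignature` callback are assumptions, and the one-time nonce and expiry go beyond what the reply states.

```javascript
// Added example (hypothetical names): the server never trusts an address sent
// by the client; it only accepts one bound to a challenge it issued itself.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const CHALLENGE_TTL_MS = 5 * 60 * 1000;

function createSessionVerifier({ verifySignature, now = Date.now }) {
  const pending = new Map(); // nonce -> { address, message, expires }

  // Step 1: issue a one-time challenge bound to the address the client claims.
  function issueChallenge(claimedAddress) {
    const bytes = webcrypto.getRandomValues(new Uint8Array(16));
    const nonce = Buffer.from(bytes).toString("hex");
    const address = claimedAddress.toLowerCase();
    // "example.app" is a constructed placeholder for the real app origin.
    const message = `Sign in to example.app\nAddress: ${address}\nNonce: ${nonce}`;
    pending.set(nonce, { address, message, expires: now() + CHALLENGE_TTL_MS });
    return { nonce, message };
  }

  // Step 2: the client signs `message` with signMessage and posts back the
  // nonce and signature. Address and message come from server state only.
  async function verifyChallenge(nonce, signature) {
    const entry = pending.get(nonce);
    pending.delete(nonce); // single use, consumed even when verification fails
    if (!entry) return { ok: false, reason: "unknown-or-replayed-nonce" };
    if (now() > entry.expires) return { ok: false, reason: "expired" };
    // Assumption: verifySignature is supplied by the caller and understands
    // smart contract account signatures (ERC-1271), for example a wrapper
    // around viem's publicClient.verifyMessage.
    const valid = await verifySignature({
      address: entry.address,
      message: entry.message,
      signature,
    });
    if (!valid) return { ok: false, reason: "bad-signature" };
    return { ok: true, address: entry.address }; // safe to use as `owner`
  }

  return { issueChallenge, verifyChallenge };
}
```

Only after `verifyChallenge` returns `ok: true` should the handler set a server-signed session and use `address` as the record owner.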