Create Utility to Generate JWT for Secure Endpoints

[Rotorsoft]

Description

Develop a utility function inside /libs/api-client to generate JSON Web Tokens (JWT) for secure access to API endpoints. This utility should reproduce the authentication flows we are currently using (magic, wallet, canvas, privy?)

Project Owner

No response

Bucket ID

8694

User Stories / Acceptance Criteria

• A utility function is created that generates JWTs.
• Initially supports wallet auth and maybe canvas. Privy/Magic SSO options will be considered in future phases.
• JWT utility allows setting expiration times, etc - consider token refresh flow
• Unit tests cover JWT generation and validation.

Design Devlink

No response

Design Screenshot

No response

Additional Context

No response

[Rotorsoft]

@jnaviask who can take this one? @raykyri?

[jnaviask]

This may actually be something for @ianrowan or @egetekiner to look at ... but it depends on the context about how these JWTs will be used/consumed.

[timolegros]

For clarity, this ticket involves creating an 'authentication' function for the SDK

• Use a PRIVATE_KEY environment variable to sign a message attesting ownership
  • This should replicate the message signing with wallet behaviour from the client
• POST the signature to /verifyAddress (or new route)

The scope may include modifying /verifyAddress or creating a new authentication route which directly returns the JWT since in the current implementation, /verifyAddress returns a session cookie (/status returns the JWT based on session cookie).