multiversx / mx-sdk-js-core

MultiversX SDK for interacting with the MultiversX blockchain (in general) and Smart Contracts (in particular).
https://multiversx.github.io/mx-sdk-js-core/

No support for signing messages with walletConnectProvider #105

Closed ethwork closed 1 year ago

ethwork commented 2 years ago

Currently only the extension and ledger providers support signing messages. Will support for signing messages with the Maiar app be added? Without it, developing dapps that use backend authentication via signatures is more or less impossible for mobile users.

michavie commented 2 years ago

you can add an optional arbitrary token query param to the uri that is returned by the provider's login() method (used for generating the QR code). once resolved it allows you to retrieve a signature via: https://github.com/ElrondNetwork/elrond-sdk-erdjs/blob/f0368251ff9a7e263214d1d88e8243c8ec0f8946/src/dapp/walletConnectProvider.ts#L116

ethwork commented 2 years ago

> you can add an optional arbitrary token query param to the uri that is returned by the provider's login() method (used for generating the QR code). once resolved it allows you to retrieve a signature via:
>
> https://github.com/ElrondNetwork/elrond-sdk-erdjs/blob/f0368251ff9a7e263214d1d88e8243c8ec0f8946/src/dapp/walletConnectProvider.ts#L116

That looks very promising, thank you! How do I extract the token from the signature afterwards though?

michavie commented 2 years ago

since you provide/generate the token on the backend side, you have all the information available to verify signatures coming from the client. basically: generate random token & store for current 'session' -> let client sign it -> send signature + address to backend for verification -> use sig + address + saved token to verify

ethwork commented 2 years ago

> since you provide/generate the token on the backend side, you have all the information available to verify signatures coming from the client. basically: generate random token & store for current 'session' -> let client sign it -> send signature + address to backend for verification -> use sig + address + saved token to verify

Thanks for the help so far. I still have trouble verifying the signature in my backend. This is what I've tried:

```js
import { Address, UserVerifier, SignableMessage } from "@elrondnetwork/erdjs";
import { Signature } from "@elrondnetwork/erdjs/out/signature";

const address = new Address("erd1......");

const token = "exampleToken"; // this is passed to the login function
const signature = new Signature("574b..."); // the signature generated in the login flow

const verifier = UserVerifier.fromAddress(address);

const validSignature = verifier.verify(
  new SignableMessage({ address, signature, message: Buffer.from(token) })
);

console.log(validSignature); // FALSE
```

Any tips? I'm guessing the message needs to be something other than just the token, since signing a message with the token as message produces a different signature. I just don't know what.

michavie commented 2 years ago

@ethwork

the dapp providers sign a message in the format <address><token>{}

try Buffer.from(`${address}${token}{}`)

ethwork commented 2 years ago

> @ethwork
>
> the dapp providers sign a message in the format <address><token>{}
>
> try Buffer.from(`${address}${token}{}`)

Works like a charm. Thank you so much for the help @michavie !
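The backend half of the flow worked out in the comments above (issue a random token, store it, verify a signature over `<address><token>{}`), as an added example that is not part of the original thread or of the SDK. So that it runs without the SDK, raw Ed25519 from `node:crypto` and a hex-encoded public key used as the `address` stand in for the SDK's `UserVerifier` and a real wallet address; `issueToken`, `verifyLogin`, `demoClient` and the five-minute token lifetime are assumptions.

```javascript
// Added example: backend half of the token login flow discussed in this thread.
const nodeCrypto = require("node:crypto");

const TOKEN_TTL_MS = 5 * 60 * 1000; // assumed lifetime of an unsigned token
const pending = new Map(); // token -> expiry time; stands in for a session store

// Generate a random token and store it for the current session.
function issueToken(now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  pending.set(token, now + TOKEN_TTL_MS);
  return token;
}

// The dapp providers sign <address><token>{} (format given in the thread).
function loginMessage(address, token) {
  return Buffer.from(`${address}${token}{}`);
}

// Stand-in verifier (assumption): `address` is a hex-encoded Ed25519 public key.
function verifyEd25519(address, message, signatureHex) {
  try {
    const x = Buffer.from(address, "hex").toString("base64url");
    const jwk = { kty: "OKP", crv: "Ed25519", x };
    const key = nodeCrypto.createPublicKey({ key: jwk, format: "jwk" });
    return nodeCrypto.verify(null, message, key, Buffer.from(signatureHex, "hex"));
  } catch {
    return false; // malformed address or signature
  }
}

// Check signature + address against the saved token; each token works once.
function verifyLogin(address, token, signatureHex, now = Date.now()) {
  const expiry = pending.get(token);
  if (expiry === undefined) return "unknown-token"; // never issued, or already used
  pending.delete(token); // consume first, so a captured signature cannot be replayed
  if (now > expiry) return "expired-token";
  const valid = verifyEd25519(address, loginMessage(address, token), signatureHex);
  return valid ? "ok" : "bad-signature";
}

// Constructed client for the demo: a throwaway key pair that signs given bytes.
function demoClient() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const x = publicKey.export({ format: "jwk" }).x;
  const address = Buffer.from(x, "base64url").toString("hex");
  const sign = (bytes) => nodeCrypto.sign(null, bytes, privateKey).toString("hex");
  return { address, sign };
}
```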

schmitzt3 commented 2 years ago

@michavie Hello! Do you know what happened to the UserVerifier in the latest version of erdjs? (at this time @elrondnetwork/erdjs@^10.2.5)

michavie commented 2 years ago

@schmitzt3 it was moved to a separate repo: https://github.com/ElrondNetwork/elrond-sdk-erdjs-walletcore/blob/main/src/userVerifier.ts

schmitzt3 commented 2 years ago

@michavie Classic - thank you!

andreibancioiu commented 1 year ago

The issue will be closed now. Wallet-connect provider supports message signing.

For future reference: