🎎Authentication Integration

To integrate user authentication with your backend system

Authentication Integration Flow

Some of the key features include:

Assign an EOA to an enduser
Authenticate the user in backend

Additional development is required as follows

Outline

If you are using Ethereum Signature Validator for verification, you need to restore the message that was used for the signature on the backend. Please add the following code to your backend. The reason for not sending the restored message directly from the frontend is to ensure that the message generated on the backend is revealed to be used for the signature. Without this assurance, there is a possibility of picking up any string and signature and impersonating someone else.

Summary

Implementation Details of above Flow at No9

Refetch the originalMessage
Add the logic to generate messageToBeSigned from originalMessage

// ① Fetch the originally generated string that was passed to the user
const originalMessage = await this.findOne(eoa)

let messageToBeSigned
if (prefix) {
	// ② Restore the messageToBeSigned, from the originalMessage, that was signed inside Startrail-sdk-js.
  messageToBeSigned = `${prefix}${originalMessage.length.toString()}${originalMessage}`;
} else {
	// Write the logic in case the prefix is undefined given the usecase that popup is not hidden
  messageToBeSigned = originalMessage
}

// HTTP call to Validator-API (message: messageToBeSigned, signature, address )

PreviousMetaMask NextErrors

Last updated 2 years ago

Was this helpful?

// ① Fetch the originally generated string that was passed to the user
const originalMessage = await this.findOne(eoa)

let messageToBeSigned
if (prefix) {
	// ② Restore the messageToBeSigned, from the originalMessage, that was signed inside Startrail-sdk-js.
  messageToBeSigned = `${prefix}${originalMessage.length.toString()}${originalMessage}`;
} else {
	// Write the logic in case the prefix is undefined given the usecase that popup is not hidden
  messageToBeSigned = originalMessage
}

// HTTP call to Validator-API (message: messageToBeSigned, signature, address )