-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Signature Authentication with Metamask + Express #329
Comments
Just to note that this issue cuts across two repos - Frontend signs the message, a backend route on OpenQ-Github-OAuth-Server (soon to simply be renamed OpenQ-Auth since it does both OAuth and Web3 auth) will then recover address and compare against the desired resource ID to authorize. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
This is a two part issue requiring knowledge of message signing with Metamask using
personal_sign
on the CLIENTSIDE, and how to recover addresses from signed messages using ether.js Cryptographic Utilities on the SERVER SIDE.This feature is in support of crypto-native authentication for off-chain data for OpenQ. We have a MongoDB which will be home to non-critical off-chain data like bounty watchlists
Updates to user's info will be keyed on their Eth address, and authenticated as such using message signatures.
Authentication Flow
utils/ecdsaRecover.js
.Out of Scope
Notes and Resources
We just need
personal_sign
for this, not EIP-712. More info on the various signing methods here: https://docs.metamask.io/guide/signing-data.html#a-brief-historyethereum/go-ethereum#2940
The text was updated successfully, but these errors were encountered: