npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@0xsequence/ethauth

v1.0.0

Published

ETHAuth -- self-signed authorization proofs

Downloads

20,932

Readme

 ____ ____ ____ ____ ____ ____ ____
||e |||t |||h |||a |||u |||t |||h ||
||__|||__|||__|||__|||__|||__|||__||
|/__\|/__\|/__\|/__\|/__\|/__\|/__\|

Usage

pnpm add @0xsequence/ethauth (or yarn add ... or npm install ...)

Format

proof = eth.<address>.<claims>.<signature>.<extra>

Address

The account address in hex encoding, ie. '0x9e63b5BF4b31A7F8d5D8b4f54CD361344Eb744C5'.

Note, you should not take the account address in the ethauth proof at face value -- you must parse the Proof and validate it with the library methods provided. The address is included when used to verify smart wallet based accounts (aka contract-based accounts).

Claims

a base64 encoded JSON object of

interface Claims {
  app: string
  exp: number
  iat?: number
  n?: number
  typ?: string
  ogn?: string
}

Fields:

  • app (required) - App identifier requesting the issuance of the ethauth proof
  • exp (required) - Expired at unix timestamp of when the ethauth proof is valid until
  • iat (optonal) - Issued at unix timestamp of when the ethauth proof has been signed/issued
  • n (optional) - Nonce value which can be used as a challenge number for added security
  • typ (optional) - Type of authorization for this ethauth proof
  • ogn (optional) - Domain origin requesting the issuance of the ethauth proof

Signature

Signature value of the claims message payload. The signature is computed by the EIP712 eth_signTypedData call of the claims object. The signature may be recoverable with ECRecover to determine the EOA address, or you may have a different encoding such as one used with EIP-1271, to validate the contract-based account signature.

Example ETHAuth encoding / decoding

EOA account signature

ethauth-proof = eth.0x89d9f8f31817badb5d718cd6fb483b71dbd2dfed.eyJhcHAiOiJFV1RUZXN0IiwiaWF0IjoxNTk1NTMwODQwLCJleHAiOjE1OTU1MzExNDB9.0x233ab9164a677a41acc8d52c9e1d1a621acebf9bc8d956c8474618b589acebe10cc350deb4b02bf6951cec8bd23507170f204ca326a5a264b8f6f67fa2619c251c

decodes & verifies to:

  • account address: 0x89D9F8f31817BAdb5D718CD6fb483b71DbD2dfeD
  • claims: {"app":"EWTTest","iat":1595530840,"exp":1595531140}
  • signature: 0x233ab9164a677a41acc8d52c9e1d1a621acebf9bc8d956c8474618b589acebe10cc350deb4b02bf6951cec8bd23507170f204ca326a5a264b8f6f67fa2619c251c

Contract-based account signature (verifiable with EIP 1271)

ethauth-proof = eth.0x9e63b5bf4b31a7f8d5d8b4f54cd361344eb744c5.eyJpYXQiOjE1OTQ3NDM4NDgsImV4cCI6MTYyNjI3OTg0OCwibiI6MTMzN30.0x000100012dd090aec5e4a9678f7968533c10fc42b07b9a23fa3b719f79a861adcfc7e1d958e3521bb061c34072f5435681390ccc9be19bf9da32320bd2356d0b4b4d316b1c02

decodes & verifies to:

  • account address: 0x9e63b5bf4b31a7f8d5d8b4f54cd361344eb744c5
  • message: {"iat":1594743848,"exp":1626279848,"n":1337}
  • signature: 0x000100012dd090aec5e4a9678f7968533c10fc42b07b9a23fa3b719f79a861adcfc7e1d958e3521bb061c34072f5435681390ccc9be19bf9da32320bd2356d0b4b4d316b1c02

LICENSE

MIT