@mountainpass/eth-sign
v1.0.31
Published
A wrapper for performing eth based sign and verify (client and server side).
Downloads
447
Readme
eth-sign
A wrapper for performing eth based sign and verify (client and server side).
Notes
When providing a message to sign, you should explain "why they need to sign, and what will happen"
For example:
Hi there from {firstName}! Press "Sign this message" to prove you have access to this wallet and we’ll log you in. This won’t cost you anything! To scuttle the plans of would-be wrong doers, here’s a one time message that is hard to guess (no need to save this): d458fa15-dcab-4d85-a477–004d6febca12
What this message does:
- Addresses the user
- Uses human language, no jargon
- Reiterates who the message is from
- Asks them to sign and explains what they’re signing
- Sets expectations and frames the message in terms of their goal: “by doing this you’ll be logged in”
- Explains why
- Makes it clear it’s not financial
- Includes the nonce for security purposes
- Or in other words… when faced with this message, your user understands what they need to do, why they need to do it and what will happen next.
ClientSide (UI) TLDR;
Provide user actions, to connect a wallet and sign a message:
Typescript
import ProviderWrapper from '@mountainpass/eth-sign'
const provider = new ProviderWrapper(new ethers.providers.Web3Provider(ethereum))
// state
const [accounts, setAccounts] = React.useState([] as string[])
const [signature, setSignature] = React.useState('-')
// actions
const doConnect = () => provider.connect(setAccounts)
const doSign = (msg: string) => provider.signMessage(msg).then(setSignature)
React.useEffect(() => provider.onAccountsChanged(setAccounts), [])
ServerSide (Backend) TLDR;
On the backend, determine the wallet that signed the message (based on having the original unsigned message):
Javascript
const ProviderWrapper = require('@mountainpass/eth-sign').default
const signerWallet = await new ProviderWrapper().verifyMessage(originalMessageSlashSalt, theSignedMessage)
License
Apache 2.0 © nickgrealy