Address signing/verification
If you need to verify that a user owns a particular address, you can do it by offering to sign a message.
You can also verify ownership of address by requesting a payment from their address and this method is more appropriate if you need to receive a payment anyway.
To request the user to sign a message, send this message in chat:
where challenge
is the message to be signed. This request will be displayed in the user's wallet as a link that the user can click and confirm signing. Once the user signs it, your chat bot receives a specially formatted message:
You can parse and validate it, here is an example how to verify user's account address:
The above code also checks that the user signed the correct message and with the correct address.
objSignedMessage
received from the peer has the following fields:
signed_message
: (string) the signed messageauthors
: array of objects, each object has the following structure (similar to the structure ofauthors
in a unit):address
: (string) the signing addressdefinition
: (array) definition of the addressauthentifiers
: (object) signatures for different signing paths
To validate the message, call validation.validateSignedMessage
as in the example above.
Note that the challenge that you offer to sign must be both clear to the user and sufficiently unique. The latter is required to prevent reuse of a previously saved signed message.
Last updated