Hi, looking into how I could verify that a user is the owner of the address he claims he owns, the easiest way possible. I was looking into how I could utilize Waellet to sign a message and then paste it to our web page, where the server could verify the message validity against Aeternity.
Any advice, tips, examples to help out with this?
Thanks
Signed message will do the job as you thought yourself.
Another option is involving a smart contract of yours which expects the user to call certain function passing requested challenge by you.
Or maybe another way would be for you to ask the user to make a transaction (it could be a spendtx to themselves), with a requested/challenge payload which you will be later able to verify.
1 Like
Great, the first option does seem like the best solution. Do you have any examples maybe?
Also is there a way I could utilize waellet to make it easier for the user to do this? As in, if I could automatically invoke waellet from my page, to sign “verify me”, where the user can only click Accept.
If not, the user would need to open his waellet, go to menu => utilities => sign/verify message … and then type “verify me” (for example) and then copy the response onto the page, which is a bit harder for them.
Thanks Milen
Currently there is no automated way you can do that, so invoking waellet for signing a message only is a no go for now. I’d suggest to stick to the second approach which you suggested (i know its not the best UX).
You can make a feature request here for us to add this to the Aepp object which is injected by waellet. Our primary focus currently is having the waellet <> aepp communication compatible [see branch sdk-7.0.0-aex2] with other wallets via the AEX-2 standard though.
Edit:
You can use Aepp.request.connect from the Aepp object that waellet injects. It asks the person to confirm he can receive requests from the app and also for the app to see their current pub key.
1 Like
authentication will become very soon available in a similar way to GitHub - bitpay/bitauth: Authenticate with web services utilizing the same strategy as Bitcoin.
would this solve your problem @dusan ?
next step would be to enable login via .chain names.
2 Likes
Something like this yes, looking forward, good job 
Understood. For some reason I don’t see the Aepp object in Firefox. While I was going throught the Waellet code base I did see the object being exposed, that’s why I was hoping there is a programmatic way to do this, but it’s not visible for some reason
1 Like
Can you file an issue in github and provide more info about version and environment so we can track and fix that.
1 Like