@0xsequence/ethauth
Advanced tools
____ ____ ____ ____ ____ ____ ____
||e |||t |||h |||a |||u |||t |||h ||
||__|||__|||__|||__|||__|||__|||__||
|/__\|/__\|/__\|/__\|/__\|/__\|/__\|
pnpm add @0xsequence/ethauth (or yarn add ... or npm install ...)
proof = eth.<address>.<claims>.<signature>.<extra>
The account address in hex encoding, ie. '0x9e63b5BF4b31A7F8d5D8b4f54CD361344Eb744C5'.
Note, you should not take the account address in the ethauth proof at face value -- you must parse the Proof and validate it with the library methods provided. The address is included when used to verify smart wallet based accounts (aka contract-based accounts).
a base64 encoded JSON object of
interface Claims {
app: string
exp: number
iat?: number
n?: number
typ?: string
ogn?: string
}
Fields:
app (required) - App identifier requesting the issuance of the ethauth proofexp (required) - Expired at unix timestamp of when the ethauth proof is valid untiliat (optonal) - Issued at unix timestamp of when the ethauth proof has been signed/issuedn (optional) - Nonce value which can be used as a challenge number for added securitytyp (optional) - Type of authorization for this ethauth proofogn (optional) - Domain origin requesting the issuance of the ethauth proofSignature value of the claims message payload. The signature is computed by the EIP712 eth_signTypedData call of the claims object. The signature may be recoverable with ECRecover to determine the EOA address, or you may have a different encoding such as one used with EIP-1271, to validate the contract-based account signature.
ethauth-proof = eth.0x89d9f8f31817badb5d718cd6fb483b71dbd2dfed.eyJhcHAiOiJFV1RUZXN0IiwiaWF0IjoxNTk1NTMwODQwLCJleHAiOjE1OTU1MzExNDB9.0x233ab9164a677a41acc8d52c9e1d1a621acebf9bc8d956c8474618b589acebe10cc350deb4b02bf6951cec8bd23507170f204ca326a5a264b8f6f67fa2619c251c
decodes & verifies to:
0x89D9F8f31817BAdb5D718CD6fb483b71DbD2dfeD{"app":"EWTTest","iat":1595530840,"exp":1595531140}0x233ab9164a677a41acc8d52c9e1d1a621acebf9bc8d956c8474618b589acebe10cc350deb4b02bf6951cec8bd23507170f204ca326a5a264b8f6f67fa2619c251cethauth-proof = eth.0x9e63b5bf4b31a7f8d5d8b4f54cd361344eb744c5.eyJpYXQiOjE1OTQ3NDM4NDgsImV4cCI6MTYyNjI3OTg0OCwibiI6MTMzN30.0x000100012dd090aec5e4a9678f7968533c10fc42b07b9a23fa3b719f79a861adcfc7e1d958e3521bb061c34072f5435681390ccc9be19bf9da32320bd2356d0b4b4d316b1c02
decodes & verifies to:
0x9e63b5bf4b31a7f8d5d8b4f54cd361344eb744c5{"iat":1594743848,"exp":1626279848,"n":1337}0x000100012dd090aec5e4a9678f7968533c10fc42b07b9a23fa3b719f79a861adcfc7e1d958e3521bb061c34072f5435681390ccc9be19bf9da32320bd2356d0b4b4d316b1c02MIT
FAQs
ETHAuth -- self-signed authorization proofs
The npm package @0xsequence/ethauth receives a total of 3,455 weekly downloads. As such, @0xsequence/ethauth popularity was classified as popular.
We found that @0xsequence/ethauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Libxml2’s solo maintainer drops embargoed security fixes, highlighting the burden on unpaid volunteers who keep critical open source software secure.
Research
Security News
Socket investigates hidden protestware in npm packages that blocks user interaction and plays the Ukrainian anthem for Russian-language visitors.
Research
Security News
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.