@arcadeum/ethauth
Advanced tools
____ ____ ____ ____ ____ ____ ____
||e |||t |||h |||a |||u |||t |||h ||
||__|||__|||__|||__|||__|||__|||__||
|/__\|/__\|/__\|/__\|/__\|/__\|/__\|
proof = eth.<address>.<claims>.<signature>.<extra>
The account address in hex encoding, ie. '0x9e63b5BF4b31A7F8d5D8b4f54CD361344Eb744C5'.
Note, you should not take the account address in the ethauth proof at face value -- you must parse the Proof and validate it with the library methods provided. The address is included when used to verify smart wallet based accounts (aka contract-based accounts).
a base64 encoded JSON object of
interface Claims {
app: string
iat: number
exp: number
n?: number
typ?: string
ogn?: string
}
Fields:
app (required) - App identifier requesting the issuance of the ethauth proofiat (required) - Issued at unix timestamp of when the ethauth proof has been signed/issuedexp (required) - Expired at unix timestamp of when the ethauth proof is valid untiln (optional) - Nonce value which can be used as a challenge number for added securitytyp (optional) - Type of authorization for this ethauth proofogn (optional) - Domain origin requesting the issuance of the ethauth proofSignature value of the claims message payload. The signature is computed by the EIP712 eth_signTypedData call of the claims object. The signature may be recoverable with ECRecover to determine the EOA address, or you may have a different encoding such as one used with EIP-1271, to validate the contract-based account signature.
ethauth-proof = eth.0x89d9f8f31817badb5d718cd6fb483b71dbd2dfed.eyJhcHAiOiJFV1RUZXN0IiwiaWF0IjoxNTk1NTMwODQwLCJleHAiOjE1OTU1MzExNDB9.0x233ab9164a677a41acc8d52c9e1d1a621acebf9bc8d956c8474618b589acebe10cc350deb4b02bf6951cec8bd23507170f204ca326a5a264b8f6f67fa2619c251c
decodes & verifies to:
0x89D9F8f31817BAdb5D718CD6fb483b71DbD2dfeD{"app":"EWTTest","iat":1595530840,"exp":1595531140}0x233ab9164a677a41acc8d52c9e1d1a621acebf9bc8d956c8474618b589acebe10cc350deb4b02bf6951cec8bd23507170f204ca326a5a264b8f6f67fa2619c251cethauth-proof = eth.0x9e63b5bf4b31a7f8d5d8b4f54cd361344eb744c5.eyJpYXQiOjE1OTQ3NDM4NDgsImV4cCI6MTYyNjI3OTg0OCwibiI6MTMzN30.0x000100012dd090aec5e4a9678f7968533c10fc42b07b9a23fa3b719f79a861adcfc7e1d958e3521bb061c34072f5435681390ccc9be19bf9da32320bd2356d0b4b4d316b1c02
decodes & verifies to:
0x9e63b5bf4b31a7f8d5d8b4f54cd361344eb744c5{"iat":1594743848,"exp":1626279848,"n":1337}0x000100012dd090aec5e4a9678f7968533c10fc42b07b9a23fa3b719f79a861adcfc7e1d958e3521bb061c34072f5435681390ccc9be19bf9da32320bd2356d0b4b4d316b1c02MIT
FAQs
ETHAuth -- self-signed authorization proofs
The npm package @arcadeum/ethauth receives a total of 0 weekly downloads. As such, @arcadeum/ethauth popularity was classified as not popular.
We found that @arcadeum/ethauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.