Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

web3tokn

Package Overview
Dependencies
Maintainers
0
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

web3tokn

Web3 Token is a new way to authenticate users in hybrid dApps using signed messages. Implementation of EIP-4361

  • 1.0.6
  • unpublished
  • npm
  • Socket score

Version published
Weekly downloads
4
decreased by-93.55%
Maintainers
0
Weekly downloads
 
Created
Source

Project Presentation

Web3 Token

Web3 Token is a new way to authenticate users. See this article for more info. Implementation of EIP-4361.

🕹 Demo

Version 0.2 updates 🎉

  • I'm now 90% following EIP-4361. Why 90%? Because i don't like some things in that standard that makes it more difficult to use it for developers.
  • body (3rd parameter) is now deprecated.

Version 1.0 updates 🥂

  • Package codebase moved to Typescript

Install

With web3 package:

$ npm i web3-token web3

or with ethers package:

$ npm i web3-token ethers

Example usage (Client side)

Using Web3 package:

import Web3 from 'web3';
import Web3Token from 'web3-token';

// Connection to MetaMask wallet
const web3 = new Web3(ethereum);
await ethereum.request({ method: 'eth_requestAccounts'});

// getting address from which we will sign message
const address = (await web3.eth.getAccounts())[0];

// generating a token with 1 day of expiration time
const token = await Web3Token.sign(msg => web3.eth.personal.sign(msg, address), '1d');

// attaching token to authorization header ... for example

Using Ethers package:

import { ethers } from "ethers";
import Web3Token from 'web3-token';

// Connection to MetaMask wallet
const provider = new ethers.providers.Web3Provider(window.ethereum);
const signer = provider.getSigner();

// generating a token with 1 day of expiration time
const token = await Web3Token.sign(async msg => await signer.signMessage(msg), '1d');

// attaching token to authorization header ... for example

Example usage (Server side)

const Web3Token = require('web3-token');

// getting token from authorization header ... for example
const token = req.headers['Authorization']

const { address, body } = await Web3Token.verify(token);

// now you can find that user by his address 
// (better to do it case insensitive)
req.user = await User.findOne({ address });

Handle exceptions

const generateToken = async () => {
  if (!window.ethereum) {
    return console.log('Please install and activate the metamask extension!');
  }

  const provider = new ethers.providers.Web3Provider(window.ethereum);
  const signer = provider.getSigner();

  try {
    return await Web3Token.sign(async msg => {
      try {
        return await signer.signMessage(msg);
      }
      catch (err) {
        const { reason } = err;
        if (reason === "unknown account #0") {
          return console.log('Have you unlocked metamask and are connected to this page?')
        }

        console.log(err.toString());
      }
    }, '1d');
  }
  catch (err) {
    if (/returns a signature/.test(err.toString())) {
      return;
    }
    console.log(err.toString());
  }
}

Advanced usage with options (Client&Server side)


// I assume here a lot of things to be imported 😀

const token = await Web3Token.sign(async msg => await signer.signMessage(msg), {
  domain: 'worldofdefish.com',
  statement: 'I accept the WoD Terms of Service: https://service.org/tos',
  expires_in: '3 days',
  // won't be able to use this token for one hour
  not_before: new Date(Date.now() + (3600 * 1000)),
  nonce: 11111111,
});

const { address, body } = await Web3Token.verify(token, {
  // verify that received token is signed only for our domain
  domain: 'worldofdefish.com'
});


API

sign(signer, options)

NameDescriptionRequiredExample
signerA function that returns a promise with signature string eg: web3.personal.sign(data, address)required(body) => web3.personal.sign(body, '0x23..1234')
optionsAn options object or, if passed a string, will be used as an expires_in optionoptional (default: '1d'){} or '1 day'
options.expires_inA string that represents a time span (see ms module) or a number of millisecondsoptional (default: 1d)'1 day'
options.not_beforeA date after which the token becomes usableoptionalnew Date('12-12-2012')
options.expiration_timeA date till when token is valid. Overwrites expires_in parameteroptionalnew Date('12-12-2012')
options.statementA human-readable ASCII assertion that the user will sign, and it must not contain '\n'optional'I accept the ServiceOrg Terms of Service: https://service.org/tos'
options.domainAuthority that is requesting the signing.optional(Unless verifier won't ask for it)'example.com'
options.nonceA token used to prevent replay attacks, at least 8 alphanumeric characters.optional12345678
options.request_idA system-specific identifier that may be used to uniquely refer to the sign-in request.optional231

verify(token, options)

NameDescriptionRequiredExample
tokenA token string that is generated from sign()required...
optionsAn options objectoptional{ domain: 'example.com' }
options.domainThe domain you want to acceptoptional'example.com'

License

Web3 Token is released under the MIT license. © 2023 Miroslaw Shpak

Keywords

FAQs

Package last updated on 31 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc