400 Bad Request on Moralis.auth.verify

sxl82510 · April 25, 2023, 8:50pm

The message that is being sent to the verify server is coming from the request message. The tutorial I followed is: https://docs.moralis.io/authentication-api/how-to-sign-in-with-metamask-angular

 {
  message: 'http://localhost:4200 wants you to sign in with your Ethereum account:\n' +
    '0xCEfbbaC5a6D5C194272949Ec7A678DF933d87095\n' +
    '\n' +
    'Please sign this message to confirm your identity.\n' +
    '\n' +
    'URI: http://localhost:4200\n' +
    'Version: 1\n' +
    'Chain ID: 5\n' +
    'Nonce: EXnlTMH2ug0w5Dr3p\n' +
    'Issued At: 2023-04-25T20:41:31.560Z',
  signature: '0x7ec154f52f9a3a032b492da8de3426d5d6eceef110e21a2276bb608f20badd5d72c14ffb297e256e19ceab043db63cfc2145588a46f106cc85cf72b12452a09d1b'
}

This is the response from Moralis SDK

MoralisError [Moralis SDK Core Error]: [C0006] Request failed, Bad Request(400): Invalid message: {"success":false,"state":103,"length":277,"matched":0,"maxMatched":5,"maxTreeDepth":15,"nodeHits":184,"inputLength":277,"subBegin":0,"subEnd":277,"subLength":277}

sxl82510 · April 25, 2023, 9:20pm

After changing the http://localhost:4200 to just localhost it worked, but it is a security issue since the domain requesting a sign in doesn’t match one requesting

cryptokid · April 26, 2023, 5:30am

Try to remove the protocol form that domain and keep only the domain and the port

sxl82510 · April 26, 2023, 10:21pm

I did that, but with that metamask will take that as someone trying to fish the user. It has probably got to do with the length of the message, or the checks being done on Moralis end with the string.

cryptokid · April 27, 2023, 5:31am

You only have to set the proper domain in the message if you get a warning in MetaMask.