/challenge/verify/evm request body

jabba · December 28, 2022, 3:12am

What request body is needed for /challenge/verify/evm?

I followed Sign In with MetaMask document. I can see my Next.js app presents user’s address profileId and signature like this

User session:
{
  "address": "0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b",
  "profileId": "0xe7285226dd8d301c9f1b25c60cb155fd76a683605d815763aa4bdfdb7e8292b5",
  "signature": "0x5e7cbf76184b8cbddf334xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx70ce88ddee76830bb31b"
}

Then I try to verify the signature by /challenge/verify/evm. But it returns Invalid message error.

What kind of message is needed here?

Input params

message

deblog.club wants you to sign in with your Ethereum account:\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\n\nPlease sign this message to confirm your identity.\n\nURI: http://localhost:3000\nVersion: 1\nChain ID: 1\nNonce: waXwRE8zYj9WBEfVx\nIssued At: 2022-09-27T14:02:19.212Z

signature (copied from Next.js users page)

0x5e7cbf76184b8cbddf334xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx70ce88ddee76830bb31b

Result

{
  "statusCode": 400,
  "name": "Error",
  "message": "Invalid message: {\"success\":false,\"state\":103,\"length\":276,\"matched\":0,\"maxMatched\":60,\"maxTreeDepth\":15,\"nodeHits\":258,\"inputLength\":276,\"subBegin\":0,\"subEnd\":276,\"subLength\":276}"
}

cryptokid · September 27, 2022, 3:41pm

Only message and signature. You can test it directly in swagger interface too. You will find the link in documentation on the first page.

jabba · September 27, 2022, 4:04pm

Yeah I checked swagger as well.
Unfortunately, I’m getting the same error response.

https://authapi.moralis.io/api-docs/#/challenge/verifyChallengeEvm

I think I’m putting a wrong message. No?

deblog.club wants you to sign in with your Ethereum account:\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\n\nPlease sign this message to confirm your identity.\n\nURI: http://localhost:3000\nVersion: 1\nChain ID: 1\nNonce: waXwRE8zYj9WBEfVx\nIssued At: 2022-09-27T14:02:19.212Z

Do you know the proper way to generate the message?

qudusayo · September 27, 2022, 4:18pm

jabba:

User session:
{
  "address": "0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b",
  "profileId": "0xe7285226dd8d301c9f1b25c60cb155fd76a683605d815763aa4bdfdb7e8292b5",
  "signature": "0x5e7cbf76184b8cbddf334xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx70ce88ddee76830bb31b"
}

Since you followed the mentioned tutorial in the docs, you already called the /challenge/verify/evm with Moralis.Auth.verify.

You can read more about the syntax here

jabba · September 27, 2022, 4:24pm

Yes, Next.js app already called the verify

What I’m trying to do is to check the signature is valid or not on server side.

Next.js app verified and get signature
Next.js app send the signature to Rails servier.
Rails server confirm the signature is valid or not.

In Step 3, I need to call /challenge/verify/evm with the signature again.

Please let me know if my understanding is not correct.

cryptokid · September 27, 2022, 4:27pm

What doesn’t work?
You can see the format directly in the swagger. Sometimes a different enter format or some message parameter with invalid value or missing could cause errors.

You should be able to test is successfully in the swagger when everything is set as expected.

jabba · September 27, 2022, 4:32pm

I cannot get 201 response from /challenge/verify/evm
It just return 400.

To put console log message on Next.js app before verifiy
Next.js app passes the verify and present signature.
Copy the signature and message into the /challenge/verify/evm
Response is 400 Invalid message

Do you know the proper way to generate the message?

cryptokid · September 27, 2022, 4:33pm

The message is generated first, you can generate it directly in swagger, sign it and then verify it.

qudusayo · September 27, 2022, 4:40pm

The generated message seemed to be multiline which is returned from the request message.

jabba · September 27, 2022, 4:46pm

I’m putting this message

deblog.club wants you to sign in with your Ethereum account:\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\n\nPlease sign this message to confirm your identity.\n\nURI: http://localhost:3000\nVersion: 1\nChain ID: 1\nNonce: waXwRE8zYj9WBEfVx\nIssued At: 2022-09-27T14:02:19.212Z

Instead of this one. Cause it should be one line.

deblog.club wants you to sign in with your Ethereum account:
0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b

Please sign this message to confirm your identity.

URI: http://localhost:3000
Version: 1
Chain ID: 1
Nonce: waXwRE8zYj9WBEfVx
Issued At: 2022-09-27T14:02:19.212Z

Right?

cryptokid · September 27, 2022, 4:51pm

Yes, it should be one line

jabba · September 27, 2022, 6:09pm

Ok. So the curl request it like this

curl --request POST \
     --url https://authapi.moralis.io/challenge/verify/evm \
     --header 'X-API-KEY: GDlFIJ8uIErqaQCfxxxxxxxxxxxxxxxxxxxxxxxxW36wjmwWb' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
     "signature": "0xbc53bf24906e51d0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf285171b",
     "message": "deblog.club wants you to sign in with your Ethereum account:\\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\\n\\nPlease sign this message to confirm your identity.\\n\\nURI: http://localhost:3000\\nVersion: 1\\nChain ID: 1\\nNonce: tL8ejuiK6RUFhPXrE\\nIssued At: 2022-09-27T16:55:03.381Z"
}

and it returns 400. Why?

response

{
  "statusCode": 400,
  "name": "Error",
  "message": "Invalid message: {\"success\":false,\"state\":103,\"length\":276,\"matched\":0,\"maxMatched\":60,\"maxTreeDepth\":15,\"nodeHits\":258,\"inputLength\":276,\"subBegin\":0,\"subEnd\":276,\"subLength\":276}"
}

I regenerate the signature more than 10 times and try it. But the response is 400 every time. I think I input something wrong. Because the error message clearly says “Invalid message”

cryptokid · September 27, 2022, 6:17pm

this format seems strange, maybe it is expected to be with two \

jabba · September 27, 2022, 6:53pm

hmm. I changed like this. but it’s not working.

deblog.club wants you to sign in with your Ethereum account:\\0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\\\\Please sign this message to confirm your identity.\\\\URI: http://localhost:3000\\Version: 1\\Chain ID: 1\\Nonce: tL8ejuiK6RUFhPXrE\\Issued At: 2022-09-27T16:55:03.381Z

jabba · September 27, 2022, 6:58pm

This one is not working as well.

curl --request POST \
     --url https://authapi.moralis.io/challenge/verify/evm \
     --header 'X-API-KEY: GDlFIJ8uIErqaQCfTQxxxxxxxxxxxxxxxwjmwWb' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
     "signature": "0x33ab7687c3bf3xxxxxxxxxxxxxxxxxxxx336188a0496c03f161b",
     "message": "deblog.club wants you to sign in with your Ethereum account: 0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b  Please sign this message to confirm your identity.  URI: http://localhost:3000 Version: 1 Chain ID: 1 Nonce: uuY77ky0uqo4dGhCD Issued At: 2022-09-27T18:56:01.089Z"
}
'

cryptokid · September 27, 2022, 7:01pm

you could try with \n instead of \\n

cryptokid · September 27, 2022, 8:13pm

maybe this tutorial will help you more

jabba · September 27, 2022, 8:19pm

oh yeah. This is nice. I’ll go though this document. Thx!

jabba · September 28, 2022, 8:45am

you could try with \n instead of \\n

The error message is slightly different if I send a message with \n

{
  "statusCode": 400,
   "name": "NotFoundException",
   "message": "Challenge not found, Timeout may have exceeded"
}

Why? it’s changed??

cryptokid · September 28, 2022, 9:47am

there is a timeout for a challenge, that default time of 15 seconds that you could change to more