/challenge/verify/evm request body

cryptokid · September 27, 2022, 4:51pm

Yes, it should be one line

jabba · September 27, 2022, 6:09pm

Ok. So the curl request it like this

curl --request POST \
     --url https://authapi.moralis.io/challenge/verify/evm \
     --header 'X-API-KEY: GDlFIJ8uIErqaQCfxxxxxxxxxxxxxxxxxxxxxxxxW36wjmwWb' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
     "signature": "0xbc53bf24906e51d0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf285171b",
     "message": "deblog.club wants you to sign in with your Ethereum account:\\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\\n\\nPlease sign this message to confirm your identity.\\n\\nURI: http://localhost:3000\\nVersion: 1\\nChain ID: 1\\nNonce: tL8ejuiK6RUFhPXrE\\nIssued At: 2022-09-27T16:55:03.381Z"
}

and it returns 400. Why?

response

{
  "statusCode": 400,
  "name": "Error",
  "message": "Invalid message: {\"success\":false,\"state\":103,\"length\":276,\"matched\":0,\"maxMatched\":60,\"maxTreeDepth\":15,\"nodeHits\":258,\"inputLength\":276,\"subBegin\":0,\"subEnd\":276,\"subLength\":276}"
}

I regenerate the signature more than 10 times and try it. But the response is 400 every time. I think I input something wrong. Because the error message clearly says “Invalid message”

cryptokid · September 27, 2022, 6:17pm

this format seems strange, maybe it is expected to be with two \

jabba · September 27, 2022, 6:53pm

hmm. I changed like this. but it’s not working.

deblog.club wants you to sign in with your Ethereum account:\\0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\\\\Please sign this message to confirm your identity.\\\\URI: http://localhost:3000\\Version: 1\\Chain ID: 1\\Nonce: tL8ejuiK6RUFhPXrE\\Issued At: 2022-09-27T16:55:03.381Z

jabba · September 27, 2022, 6:58pm

This one is not working as well.

curl --request POST \
     --url https://authapi.moralis.io/challenge/verify/evm \
     --header 'X-API-KEY: GDlFIJ8uIErqaQCfTQxxxxxxxxxxxxxxxwjmwWb' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
     "signature": "0x33ab7687c3bf3xxxxxxxxxxxxxxxxxxxx336188a0496c03f161b",
     "message": "deblog.club wants you to sign in with your Ethereum account: 0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b  Please sign this message to confirm your identity.  URI: http://localhost:3000 Version: 1 Chain ID: 1 Nonce: uuY77ky0uqo4dGhCD Issued At: 2022-09-27T18:56:01.089Z"
}
'

cryptokid · September 27, 2022, 7:01pm

you could try with \n instead of \\n

cryptokid · September 27, 2022, 8:13pm

maybe this tutorial will help you more

jabba · September 27, 2022, 8:19pm

oh yeah. This is nice. I’ll go though this document. Thx!

jabba · September 28, 2022, 8:45am

you could try with \n instead of \\n

The error message is slightly different if I send a message with \n

{
  "statusCode": 400,
   "name": "NotFoundException",
   "message": "Challenge not found, Timeout may have exceeded"
}

Why? it’s changed??

cryptokid · September 28, 2022, 9:47am

there is a timeout for a challenge, that default time of 15 seconds that you could change to more

jabba · September 28, 2022, 10:12am

Even if I set the timeout to 60, the result is all the same.

Also I send the verify request instantly. It’s within a second.

const config = {
  domain: process.env.APP_DOMAIN,
  statement: 'please ...',
  uri: process.env.NEXTAUTH_URL,
  timeout: 60,
};

export default async function handler(req, res) {
  const { address, chain, network } = req.body;

  await Moralis.start({ apiKey: process.env.MORALIS_API_KEY });

  try {
    const message = await Moralis.Auth.requestMessage({
      address,
      chain,
      network,
      ...config,
    });

cryptokid · September 28, 2022, 10:25am

ok, then not the timeout is the issue, how does the message looks like now?

jabba · September 28, 2022, 10:59am

Now it’s like this

{
  "statusCode": 400,
   "name": "NotFoundException",
   "message": "Challenge not found, Timeout may have exceeded"
}

cryptokid · September 28, 2022, 11:08am

I mean the request that you send, what is the message there that was signed.

jabba · September 28, 2022, 11:49am

message is like this

"deblog.club wants you to sign in with your Ethereum account:\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\n\n\nURI: http://localhost:3000\nVersion: 1\nChain ID: 1\nNonce: ub6VkbzlwN
q3ueHBM\nIssued At: 2022-09-28T08:42:01.303Z"

cryptokid · September 28, 2022, 11:50am

You may need to add more fields to that message, like not before

jabba · September 28, 2022, 12:03pm

It’s because just I change the statement to blank when I Moralis.Auth.requestMessage.

const config = {
  domain: process.env.APP_DOMAIN,
  statement: '',
  uri: process.env.NEXTAUTH_URL,
  timeout: 60,
};

So the message is changed only statement part.

cryptokid · September 28, 2022, 12:09pm

Try to test with 55 timeout, it may not matter

And to add more parameters/fields to that config

jabba · September 28, 2022, 1:45pm

I changed 55 timeout and added all config listed here. But the response is all the same with 400 error.

cryptokid · September 28, 2022, 2:32pm

and same error message as here?