Since you followed the mentioned tutorial in the docs, you already called the /challenge/verify/evm
with Moralis.Auth.verify
.
Yes, Next.js app already called the verify
What I’m trying to do is to check the signature is valid or not on server side.
- Next.js app verified and get signature
- Next.js app send the signature to Rails servier.
- Rails server confirm the signature is valid or not.
In Step 3, I need to call /challenge/verify/evm
with the signature again.
Please let me know if my understanding is not correct.
What doesn’t work?
You can see the format directly in the swagger. Sometimes a different enter format or some message parameter with invalid value or missing could cause errors.
You should be able to test is successfully in the swagger when everything is set as expected.
I cannot get 201 response from /challenge/verify/evm
It just return 400.
- To put console log message on Next.js app before verifiy
- Next.js app passes the verify and present signature.
- Copy the signature and message into the
/challenge/verify/evm
- Response is 400 Invalid message
Do you know the proper way to generate the message?
The message is generated first, you can generate it directly in swagger, sign it and then verify it.
The generated message seemed to be multiline which is returned from the request message.
I’m putting this message
deblog.club wants you to sign in with your Ethereum account:\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\n\nPlease sign this message to confirm your identity.\n\nURI: http://localhost:3000\nVersion: 1\nChain ID: 1\nNonce: waXwRE8zYj9WBEfVx\nIssued At: 2022-09-27T14:02:19.212Z
Instead of this one. Cause it should be one line.
deblog.club wants you to sign in with your Ethereum account:
0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b
Please sign this message to confirm your identity.
URI: http://localhost:3000
Version: 1
Chain ID: 1
Nonce: waXwRE8zYj9WBEfVx
Issued At: 2022-09-27T14:02:19.212Z
Right?
Yes, it should be one line
Ok. So the curl request it like this
curl --request POST \
--url https://authapi.moralis.io/challenge/verify/evm \
--header 'X-API-KEY: GDlFIJ8uIErqaQCfxxxxxxxxxxxxxxxxxxxxxxxxW36wjmwWb' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"signature": "0xbc53bf24906e51d0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf285171b",
"message": "deblog.club wants you to sign in with your Ethereum account:\\n0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\\n\\nPlease sign this message to confirm your identity.\\n\\nURI: http://localhost:3000\\nVersion: 1\\nChain ID: 1\\nNonce: tL8ejuiK6RUFhPXrE\\nIssued At: 2022-09-27T16:55:03.381Z"
}
and it returns 400. Why?
response
{
"statusCode": 400,
"name": "Error",
"message": "Invalid message: {\"success\":false,\"state\":103,\"length\":276,\"matched\":0,\"maxMatched\":60,\"maxTreeDepth\":15,\"nodeHits\":258,\"inputLength\":276,\"subBegin\":0,\"subEnd\":276,\"subLength\":276}"
}
I regenerate the signature more than 10 times and try it. But the response is 400 every time. I think I input something wrong. Because the error message clearly says “Invalid message”
this format seems strange, maybe it is expected to be with two \
hmm. I changed like this. but it’s not working.
deblog.club wants you to sign in with your Ethereum account:\\0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b\\\\Please sign this message to confirm your identity.\\\\URI: http://localhost:3000\\Version: 1\\Chain ID: 1\\Nonce: tL8ejuiK6RUFhPXrE\\Issued At: 2022-09-27T16:55:03.381Z
This one is not working as well.
curl --request POST \
--url https://authapi.moralis.io/challenge/verify/evm \
--header 'X-API-KEY: GDlFIJ8uIErqaQCfTQxxxxxxxxxxxxxxxwjmwWb' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"signature": "0x33ab7687c3bf3xxxxxxxxxxxxxxxxxxxx336188a0496c03f161b",
"message": "deblog.club wants you to sign in with your Ethereum account: 0x41Dd2e751dF10b27356cd1790567Ba6C4B5d933b Please sign this message to confirm your identity. URI: http://localhost:3000 Version: 1 Chain ID: 1 Nonce: uuY77ky0uqo4dGhCD Issued At: 2022-09-27T18:56:01.089Z"
}
'
you could try with \n
instead of \\n
maybe this tutorial will help you more
oh yeah. This is nice. I’ll go though this document. Thx!
you could try with
\n
instead of\\n
The error message is slightly different if I send a message with \n
{
"statusCode": 400,
"name": "NotFoundException",
"message": "Challenge not found, Timeout may have exceeded"
}
Why? it’s changed??
there is a timeout for a challenge, that default time of 15 seconds that you could change to more
Even if I set the timeout to 60, the result is all the same.
Also I send the verify request instantly. It’s within a second.
const config = {
domain: process.env.APP_DOMAIN,
statement: 'please ...',
uri: process.env.NEXTAUTH_URL,
timeout: 60,
};
export default async function handler(req, res) {
const { address, chain, network } = req.body;
await Moralis.start({ apiKey: process.env.MORALIS_API_KEY });
try {
const message = await Moralis.Auth.requestMessage({
address,
chain,
network,
...config,
});
ok, then not the timeout is the issue, how does the message looks like now?
Now it’s like this
{
"statusCode": 400,
"name": "NotFoundException",
"message": "Challenge not found, Timeout may have exceeded"
}