Moralis Verify EVM Error

Technical Issue Reporting
#1

I keep getting 400 bad request on Moralis Verify EVM endpoint, even when using it from the API reference page.

Here is the request message:

docs.moralis.io wants you to sign in with your Ethereum account:\n0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B\n\n\nURI: https://docs.moralis.io/\nVersion: 1\nChain ID: 1\nNonce: 16I9yHdRqsqkr6NHu\nIssued At: 2022-11-11T12:31:00.358Z

And response:

{
  "statusCode": 400,
  "name": "Error",
  "message": "Invalid message: {\"success\":false,\"state\":103,\"length\":231,\"matched\":0,\"maxMatched\":64,\"maxTreeDepth\":15,\"nodeHits\":322,\"inputLength\":231,\"subBegin\":0,\"subEnd\":231,\"subLength\":231}"
}
#2

can you share what parameters did you pass to the api

#3

for Request Message

domain: "web3re.com"
chainId: 1
address: "0x5BeF7a286408dECE54fE97cA1dBdc3Df63C99764"
timeout: 120
statement: "Web3RE"
uri: "https://web3re.com"

for Verify

message: "web3re.com wants you to sign in with your Ethereum account:\n0x5BeF7a286408dECE54fE97cA1dBdc3Df63C99764\n\nWeb3RE\n\nURI: https://web3re.com\nVersion: 1\nChain ID: 1\nNonce: J2JAoEusq6pKIx58b\nIssued At: 2022-11-11T14:09:07.168Z"
signature: "0xd953dfdba0932a0eafaa2d4e3edc7762713035a35edb82159b1d01deb78724cb34ffc7dd54eb6a0635cb5cd620865905bc7bbe5f8669b576d705c1ae9c061a871b"
#4

try to also set expirationTime and notBefore

#5 
Expiration Time: 2022-11-11T15:51:40.3831728Z
Not Before: 2022-11-11T14:51:40.3832261Z

still the same
does the domain and/or Uri need to be something specific, or can be anything?

#6

you could try with "https://web3re.com/"

#7

I try for URI, its the same
I try for domain, the request doesnt work

its not a active domain, does it actually check for something? Iโ€™m running from my local environment

#8

it doesnโ€™t matter what domain it is, it is not validated, did you add that / at the end?

#9

yes I did add it to the Uri and still the same

#10

yes, it looks like I also have issues now

#11

you can try the swagger interface

https://authapi.moralis.io/api-docs/#/Challenge/verifyChallengeEvm

it looks like I get errors in docs interface

how did you check it?

#12

same

curl -X 'POST' \
  'https://authapi.moralis.io/challenge/verify/evm' \
  -H 'accept: application/json' \
  -H 'X-API-KEY: xxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
  "message": "web3re.com wants you to sign in with your Ethereum account:\n0x5BeF7a286408dECE54fE97cA1dBdc3Df63C99764\n\nWeb3RE\n\nURI: https://web3re.com/\nVersion: 1\nChain ID: 1\nNonce: mPp6pVev9lvtMrcOJ\nIssued At: 2022-11-11T17:11:07.196Z\nExpiration Time: 2022-11-11T18:11:07.2505307Z\nNot Before: 2022-11-11T17:11:07.2505312Z",
  "signature": "0x9c5b094f85ec7f8ff194620ab95db6fc6cbe595b5b11c4c6508e72df389c55950936801e92cf97b067e5eebe9739a3232a0a2fdf46f14b2f219cd8d83fe67ccd1c"
}'

{
  "statusCode": 400,
  "name": "BadRequestException",
  "message": "Invalid Signature"
}
#13

Iโ€™ve tried in docs and my own .NET implementation as well

#14

its not working for you too or is it something wrong on my side ?

#15

Test with this.

This app is working on my end with the default options which i added. So test it with the default options first and then try updating with your options in auth.js file.

#16

I added this prefix before signing on client side and now it works
maybe example docs need to be updated

let prefix = "\x19Ethereum Signed Message:\n" + msg.length
let msgHash1 = web3.utils.sha3(prefix+msg)

let sig1 = await web3.eth.sign(msgHash1, accounts[0]);
#17

It should work directly without that prefix too, it should be equivalent with signing the message.

#18

You didnโ€™t use personal sign?

#19

no I didnt, should I be?

#20

Yes, that is what you should use, what you did there is somehow equivalent with personal sign. The difference is that with personal sign you will see the message in MetaMask when you sign it.