Regarding the message being shown on the signature request page when signing up with the wallet, I’m wondering how to explain my mother the signature request why is this needed. The connection prompt I think it’s clear for any user, but a second step, in this case signing, may be not so clear why, how can I explain this a kid? Maybe it would also be good that Moralis itself defines a standard recommended string which makes this step clear?
Moralis.authenticate() gives you an access to the Moralis database which can contain user’s private information. So for interaction with Moralis db you need to sign message. This is the most reliable way to make sure that you really own the wallet and did not use for example spoofing.
What’s the difference to allowing connection to the wallet? I can also only allow the connection only when I own the wallet? I tell you, those 2 steps will be difficult for normal consumers to understand, that’s why we need a good text explaining this.
We use the signature as proof the user is owner of account, if no signature is provided, anyone can gain the credentials necessary to read /write to users private data in Moralis Database. The signing is no different than entering a username and password. If a user wants to use the authenticated features of an app they need to “log in”. They choose when to do so by pressing the “login” button.
Isn’t that text message that is signed customizable as a parameter?
You can edit your sign-in message. Take a look at Changing Sign-In Message
Yes, text text is customizable, but that was not my topic about:
Maybe it would also be good that Moralis itself defines a standard recommended string which makes this step clear?
Again, I understand that technically you currently need that, but HOW to explain this normal users? Instead of each developer thinking about a message it would be nice if Moralis already offers a standard text that makes it clear to the users why this step is needed.
Thank you, we will think about making the message more meaningful