Verify EVM challenge Problem

Hello everyone,

I am having problems with the following request. I am always getting a 400 response, even with the example request provided in the page. I believe there is a problem with the API.

This is the response I am getting:

{
  "statusCode": 400,
  "name": "Error",
  "message": "Invalid message: {\"success\":false,\"state\":103,\"length\":6,\"matched\":0,\"maxMatched\":6,\"maxTreeDepth\":15,\"nodeHits\":117,\"inputLength\":6,\"subBegin\":0,\"subEnd\":6,\"subLength\":6}"
}

Thanks,
Pedro

Did you sign the message using the wallet?

The example shown in the docs will not work as every message has an expiry and needs to be signed by the wallet.

Usually you get that error when the message was changed (like \n changed to something else) or it doesn’t have all the required fields.

@johnversus I also tried with the signature generated by the wallet. With the servers hosted by Moralis the authentication was working, but I am migrating to self-host the server, and with the self-hosted solution the authentication is not working. I copied the data and signature value from the payload we sent from the client side, and I sent it directly to the API from the documentation page, and I am getting the same error.
In the following screenshot, you can see the value of the signed message and the signature.

image

Did you also try in the swagger interface?

@cryptokid no, I am not familiar with the Moralis swagger interface, but I tried with Postman. Is this the swagger page? https://deep-index.moralis.io/api-docs/ I did not find the endpoint on this page.

That is not the swagger interface for authentication api, it is a different one.
In the swagger interface you can easily generate a request and change the parameters for that request.

Did you set all the fields/parameters in that message?
Like expiration date, not before

You can try to use this swagger interface:

https://authapi.moralis.io/api-docs/

@cryptokid @johnversus I will give some more context on how I discovered the problem with this endpoint.

Like I mentioned before, the authentication using Moralis servers was working well. This week I lost access to the Moralis servers after deleting my last Moralis server, so I decided to use the self-hosted solution. I followed this https://www.youtube.com/watch?v=l2qTyc-V9cM tutorial.
On the client side I am using the React Moralis v1. With the self-hosted server the authentication is not working. I added a console.log to print the exception thrown in the parse server, and that was how I discovered that this endpoint was not working as expected. The exception is thrown when the server does the request to this endpoint. I did not adapt or modify any part of the parse server application, other than adding the console.log. The exception that I get is identical to the one I get when I try directly on the page with the documentation.

Earlier I reported only the problem with the endpoint to simplify the problem and be easier to explain.

I added the console.log in the catch inside the function named validateAuthData from the file MoralisEthAdapter.ts.

The exception is the following:

MoralisError [Moralis SDK Core Error]: [C0006] Request failed, Bad Request(400): Invalid message: {"success":false,"state":103,"length":17,"matched":0,"maxMatched":3,"maxTreeDepth":15,"nodeHits":134,"inputLength":17,"subBegin":0,"subEnd":17,"subLength":17}
    at RequestController.makeError (/home/rute/Documents/projects/parse-server-migration/node_modules/@moralisweb3/core/lib/controllers/RequestController/RequestController.js:119:20)
    at RequestController.<anonymous> (/home/rute/Documents/projects/parse-server-migration/node_modules/@moralisweb3/core/lib/controllers/RequestController/RequestController.js:100:38)
    at step (/home/rute/Documents/projects/parse-server-migration/node_modules/@moralisweb3/core/lib/controllers/RequestController/RequestController.js:44:23)
    at Object.throw (/home/rute/Documents/projects/parse-server-migration/node_modules/@moralisweb3/core/lib/controllers/RequestController/RequestController.js:25:53)
    at rejected (/home/rute/Documents/projects/parse-server-migration/node_modules/@moralisweb3/core/lib/controllers/RequestController/RequestController.js:17:65)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:94:5) {
  isMoralisError: true,
  code: 'C0006',
  details: {
    status: 400,
    response: {
      status: 400,
      statusText: 'Bad Request',
      headers: [Object],
      config: [Object],
      request: [ClientRequest],
      data: [Object]
    }
  },
  cause: [AxiosError: Request failed with status code 400] {
    code: 'ERR_BAD_REQUEST',
    config: {
      transitional: [Object],
      adapter: [Function: httpAdapter],
      transformRequest: [Array],
      transformResponse: [Array],
      timeout: 10000,
      xsrfCookieName: 'XSRF-TOKEN',
      xsrfHeaderName: 'X-XSRF-TOKEN',
      maxContentLength: -1,
      maxBodyLength: -1,
      env: [Object],
      validateStatus: [Function: validateStatus],
      headers: [Object],
      url: 'https://authapi.moralis.io/challenge/verify/evm',
      params: {},
      method: 'post',
      data: '{"message":"Log in to Moralis","signature":"0x81c2eca657bb56c9941ad4ca8e3f7110adf17dc3bb4ed50c40ca08502a0f772e7fd83c8d8a0dbe30c8549cdf3caed3e6aaa37df92dc3553709e7d3ed1e43cff51c"}'
    },
    request: ClientRequest {
      _events: [Object: null prototype],
      _eventsCount: 7,
      _maxListeners: undefined,
      outputData: [],
      outputSize: 0,
      writable: true,
      destroyed: false,
      _last: true,
      chunkedEncoding: false,
      shouldKeepAlive: false,
      _defaultKeepAlive: true,
      useChunkedEncodingByDefault: true,
      sendDate: false,
      _removedConnection: false,
      _removedContLen: false,
      _removedTE: false,
      _contentLength: null,
      _hasBody: true,
      _trailer: '',
      finished: true,
      _headerSent: true,
      _closed: false,
      socket: [TLSSocket],
      _header: 'POST /challenge/verify/evm HTTP/1.1\r\n' +
        'Accept: application/json, text/plain, */*\r\n' +
        'Content-Type: application/json\r\n' +
        'x-moralis-platform: JS SDK\r\n' +
        'x-moralis-platform-version: 2.7.0\r\n' +
        'x-moralis-build-target: node\r\n' +
        'x-api-key: pNVkG0FQEbmqdi4KQzXXXXXXXgOjx6n\r\n' +
        'User-Agent: axios/0.27.2\r\n' +
        'Content-Length: 178\r\n' +
        'Host: authapi.moralis.io\r\n' +
        'Connection: close\r\n' +
        '\r\n',
      _keepAliveTimeout: 0,
      _onPendingData: {},
      agent: [Agent],
      socketPath: undefined,
      method: 'POST',
      maxHeaderSize: undefined,
      insecureHTTPParser: undefined,
      path: '/challenge/verify/evm',
      _ended: true,
      res: [IncomingMessage],
      aborted: false,
      timeoutCb: null,
      upgradeOrConnect: false,
      parser: null,
      maxHeadersCount: null,
      reusedSocket: false,
      host: 'authapi.moralis.io',
      protocol: 'https:',
      _redirectable: [Writable],
      [Symbol(kCapture)]: false,
      [Symbol(kNeedDrain)]: false,
      [Symbol(corked)]: 0,
      [Symbol(kOutHeaders)]: [Object: null prototype]
    },
    response: {
      status: 400,
      statusText: 'Bad Request',
      headers: [Object],
      config: [Object],
      request: [ClientRequest],
      data: [Object]
    }
  }
}
authdata:  {
  id: '0x229b4dbbac15f306651c55aa61305612a4fc789b',
  signature: '0x81c2eca657bb56c9941ad4ca8e3f7110adf17dc3bb4ed50c40ca08502a0f772e7fd83c8d8a0dbe30c8549cdf3caed3e6aaa37df92dc3553709e7d3ed1e43cff51c',
  data: 'Log in to Moralis'
}
error: Moralis auth failed, invalid data {"code":101,"stack":"Error: Moralis auth failed, invalid data\n    at /home/rute/Documents/projects/parse-server-migration/build/auth/MoralisEthAdapter.js:36:15\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (node:internal/process/task_queues:94:5)\n    at async Promise.all (index 0)"}

It is not going to work with that message; you have to use the message received from the auth API, which is much longer and has more fields.

This is how you have to update the authentication with a self-hosted server
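The 400 discussed above can be caught before the request is sent. The following is an added example, not code from the thread or from Moralis: a pre-flight check that assumes the challenge returned by the auth API follows the EIP-4361 "Sign-In with Ethereum" layout (address, Chain ID, Nonce, Expiration Time, Not Before). The function name and all sample values are hypothetical.

```javascript
// Pre-flight check for an EIP-4361 style challenge message (hypothetical helper).
const REQUIRED = ["URI", "Version", "Chain ID", "Nonce", "Issued At"];

function checkChallengeMessage(message, now = new Date()) {
  const problems = [];
  // Mangled line breaks: a literal backslash-n or CRLF changes the signed bytes.
  if (message.includes("\\n")) problems.push("literal \\n instead of a newline");
  if (message.includes("\r")) problems.push("carriage return in message");
  const lines = message.split("\n");
  if (!/^\S+ wants you to sign in with your Ethereum account:$/.test(lines[0])) {
    problems.push("missing '<domain> wants you to sign in ...' header");
  }
  if (!/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) {
    problems.push("missing address line");
  }
  // Collect the "Key: value" fields that follow the statement.
  const fields = {};
  for (const line of lines.slice(2)) {
    const m = /^([A-Za-z ]+): (.+)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  for (const key of REQUIRED) {
    if (!(key in fields)) problems.push(`missing field: ${key}`);
  }
  // Time window: an expired or not-yet-valid challenge cannot be verified.
  const exp = fields["Expiration Time"], nbf = fields["Not Before"];
  if (exp && new Date(exp) <= now) problems.push("challenge expired");
  if (nbf && new Date(nbf) > now) problems.push("challenge not yet valid");
  return problems;
}

// Constructed sample values (not taken from the thread).
const SAMPLE_OK = [
  "example.com wants you to sign in with your Ethereum account:",
  "0x" + "ab".repeat(20),
  "",
  "Please confirm",
  "",
  "URI: https://example.com/",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: 0123456789abcdef0",
  "Issued At: 2030-01-01T00:00:00.000Z",
  "Expiration Time: 2030-01-01T00:15:00.000Z",
  "Not Before: 2030-01-01T00:00:00.000Z",
].join("\n");
const NOW = new Date("2030-01-01T00:05:00.000Z");
const LEGACY = "Log in to Moralis"; // legacy string seen in the thread's log
```

Run on the server side against the `data` value received from the client, an empty result means the message is structurally complete and inside its validity window; it does not replace signature verification.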

Hi everyone,

So if I understand, with a self-hosted server, authentication now requires a message with fields that contain address and chainId.

So what about Web3auth and WalletConnect authentications?

https://moralisweb3auth.netlify.app
https://v1docs.moralis.io/moralis-dapp/users/web3-login/walletconnect

In this example, we have to use Moralis.authenticate() to get the address, since Moralis.enableWeb3() doesn’t return the address if we want to auth with WalletConnect or Web3auth.

But we cannot call Moralis.authenticate() anymore without the address field in the message.

Is there any way to auth with WalletConnect and Web3Auth if we use Moralis V1 and CDN?

You have examples here for both web3auth and wallet connect for authentication

Yes, thanks, I am aware of this doc.

But I didn’t find any CDN to import wagmi on an HTML page.

Looks like there aren’t UMD JS files for wagmi.

OK, I don’t know now how you can do it in vanilla JS.

Ok, thank you,

I will share something here if I find a way to do it

You can try using @wagmi/core. This is the wagmi package you can use in non-React frameworks, maybe you can get it working.