General Idea

Why Message Signing

Because not all processes can be performed on-chain, especially a game's mechanics, the Auth Message Signing App is a great showcase of the message signing feature. It makes the feature easier for developers to understand and integrate into their Dapps, so that the authenticated web3 user can be confirmed for future off-chain actions.

Ways to verify the authenticity of the user

  • Web2 style

    • Option 1: normal login

    • Option 2: login through big centralized services such as Google / Twitter / Facebook

  • Web3 style, for actions equivalent to the web2 ones that do not happen directly on-chain

  • Web3 style, directly on-chain (confirming a transaction with the signed-in wallet)

How to verify the authenticity for off-chain actions

This is done through user identity management, on the same principle as the normal login for web2. When you log into a website, you declare who you are (identification). Your identity is verified (authentication), and you are granted the necessary permissions (authorization).

The browser asks you to confirm an off-chain message. This results in a generated cookie, which is used between the frontend and backend of the app to confirm your identity. To control the login life cycle, the cookie is valid for a limited period of time: anything from a few seconds, to 10 minutes, or even a few hours.

After the session expires, the user is required to confirm their identity again by signing a new message, which creates a new cookie.
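The sign-in life cycle described above, sketched as a backend in Node.js; this is an added example, not code from the Auth Message Signing App. The Ed25519 key pair standing in for the wallet, the challenge wording, the one-time nonce, the HMAC-protected cookie format and the hashed `account` id are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
const SERVER_SECRET = crypto.randomBytes(32); // HMAC key protecting session cookies
const pendingNonces = new Map();              // nonce -> expiry in ms, single use

// Step 1: the backend issues a one-time challenge bound to the app's origin.
function issueChallenge(origin, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("hex");
  pendingNonces.set(nonce, now + 60_000);
  return `${origin} wants you to sign in. Nonce: ${nonce}`;
}
const mac = (body) =>
  crypto.createHmac("sha256", SERVER_SECRET).update(body).digest("base64url");

// Step 2: verify the wallet's signature, then mint a cookie valid for ttlMs.
function login(publicKey, message, signature, origin, ttlMs, now = Date.now()) {
  const m = /^(.+) wants you to sign in\. Nonce: ([0-9a-f]{32})$/.exec(message);
  if (!m || m[1] !== origin) return null;       // malformed or meant for another app
  const nonceExpiry = pendingNonces.get(m[2]);
  pendingNonces.delete(m[2]);                   // a nonce is accepted once (anti-replay)
  if (!nonceExpiry || nonceExpiry < now) return null;
  if (!crypto.verify(null, Buffer.from(message), publicKey, signature)) return null;
  // Hypothetical account id: hash of the public key, not a real chain address format.
  const der = publicKey.export({ type: "spki", format: "der" });
  const account = crypto.createHash("sha256").update(der).digest("hex").slice(0, 40);
  const body = Buffer.from(JSON.stringify({ account, exp: now + ttlMs })).toString("base64url");
  return `${body}.${mac(body)}`;
}

// Step 3: later off-chain requests present the cookie; an expired one forces a re-sign.
function checkSession(cookie, now = Date.now()) {
  const [body, tag] = String(cookie).split(".");
  if (!body || !tag) return null;
  const expected = Buffer.from(mac(body)), given = Buffer.from(tag);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const session = JSON.parse(Buffer.from(body, "base64url").toString());
  return session.exp > now ? session.account : null;
}

// Constructed run: a throwaway Ed25519 key pair stands in for the user's wallet.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const origin = "https://dapp.example", t0 = Date.now(), ttl = 10 * 60_000;
  const msg = issueChallenge(origin, t0);
  const sig = crypto.sign(null, Buffer.from(msg), privateKey);
  const cookie = login(publicKey, msg, sig, origin, ttl, t0);
  return { fresh: checkSession(cookie, t0 + 1000) !== null,
           expired: checkSession(cookie, t0 + ttl + 1) === null,
           replayRejected: login(publicKey, msg, sig, origin, ttl, t0) === null };
}
```

In a real deployment the cookie would also be set with the `HttpOnly`, `Secure` and `SameSite` attributes so that page scripts and cross-site requests cannot read or reuse it.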
