0xsequence
Sign message enters an endless loop when choosing who signs
Doing a eth_signTypedData_v4 request to sign a message, sequence endlessly asks to select the social method to login; see video. This makes it impossible to use this method, which is critical for our internal authentication.
Caller code:
authenticating = (async () => {
const address = await bepro.getAddress(true);
console.log({ address });
if (!address) {
return null;
}
const { authData, signMethod } = await api.getAuthData();
console.log({ address, authData, signMethod });
try {
const signature = await bepro.sign(signMethod, authData);
console.log({ signature });
if (signature) {
const tokens = await api.postAuthenticate(signature);
const newAuth = {
address,
declined: false,
...tokens,
};
setAuth(newAuth);
return newAuth;
}
}
...
Authentication request:
sequenceProvider.transport.provider.request({
method: 'eth_signTypedData_v4',
params: [
address: '0xwhateveraddress',
JSON.stringify({
domain: {
name: "RealFevr NFTs Marketplace",
version: "1"
},
message: {
nonce: "a-unique-nonce-hash"
},
primaryType: "Auth",
types: {
eip712Domain: [
{
name: "name",
type: "string"
},
{
name: "version",
type: "string"
}
],
auth: [
{
name: "nonce",
type: "string"
}
],
EIP712Domain: [
{
name: "name",
type: "string"
},
{
name: "version",
type: "string"
}
],
Auth: [
{
name: "nonce",
type: "string"
}
]
}
}),
],
});
You can see on the video how after clicking "Confirm" on the sequence modal dialog, the gmail account selector windows keeps popping up endlessly without any real effect. Take note also of how in the console, the console.log for the auth data (in the code above) appears only once, meaning the sign request really happens only once; the "loop" appears to be inside sequence itself.
https://user-images.githubusercontent.com/802086/204031640-9d8452fc-9f25-4686-bb68-51e9958da7a2.mov
Wow, that's super bizarre, haven't seen that before. Thanks for the report, we'll investigate!
hey there @Quicksaver! Can you try signing typed data using below? I just tested signing one as shown below, with chainId 56, and it worked fine.
const wallet = sequence.getWallet()
const signer = wallet.getSigner()
const sig = await signer.signTypedData(...)
btw, @Quicksaver the EIP712 domain is very similar to what we do with https://github.com/0xsequence/ethauth.js -- which in fact is built into sequence.js and used on connect. See https://docs.sequence.xyz/wallet/guides/auth-address#authenticate-wallet and https://github.com/0xsequence/sequence.js/blob/master/packages/provider/src/types.ts#L157
by passing authorize: true on connect, like so: wallet.connect({ authorize: true }) it will ask the user to connect and also sign the eip712 payload.
once thing we can do is update authorize to take either a boolean or nonce number, as you can see ETHAuth 712 domain supports a nonce as well.
Ditto from https://github.com/0xsequence/sequence.js/issues/324#issuecomment-1425907022, we've had to rewrite our code to not use blindly web3js events and be able to use from other sources, aka Sequence's methods. Could be a blocker for projects looking to integrate Sequence into their already existing ethers/web3js-compatible code.