How to verify the Android authorized signature on the server?

Open pabblelj opened this issue 3 years ago • 1 comments

This is my android authorize code:

        Authorize authorize = new Authorize();
        List<Blockchain> blockchains = new ArrayList<>();
        blockchains.add(new Blockchain("ethereum", "56"));
        authorize.setBlockchains(blockchains);
        authorize.setAction("login");
        authorize.setActionId(String.valueOf(System.currentTimeMillis()));
        authorize.setProtocol("TokenPocket");
        authorize.setVersion("v1.0");
        authorize.setDappName("testApp");
        authorize.setMemo("demo");
        TPManager ins = TPManager.getInstance();

After onsuccess, how do I verify the correctness of the signature on the server? For example, this is the code for MetaMask:

	TypedData := &eip712.TypedData{
		Types: eip712.Types{
			"EIP712Domain": []eip712.Type{
				{Name: "name", Type: "string"},
				{Name: "version", Type: "string"},
				{Name: "chainId", Type: "uint256"},
			},
			"login": []eip712.Type{
				{Name: "wallet", Type: "address"},
			},
		},

		Domain: eip712.TypedDataDomain{
			Name:              "login",
		},

		PrimaryType: "login",
		Message: eip712.TypedDataMessage{
			"wallet":        address,
		},
	}
	pubKey, err := beeCrypto.RecoverEIP712(common.Hex2Bytes(sign), TypedData)

This is a security issue. I hope you can let me know. Thank you.

pabblelj · Jun 28 '22 02:06

Hi, after onsuccess, the callback data is JSON. Take out the "sign" parameter, and then verify via the API: web3.eth.accounts.recover(signObject)

Developmc · Jun 28 '22 06:06
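
The server-side check described in the reply above, as an added example that is not part of the original thread or the TokenPocket SDK. Recovery only returns the signer's address, so the server still has to compare it with the wallet being logged in and refuse a reused signature. Assumptions: the callback JSON carries the value under "sign" as the reply states, the client also tells the server which wallet it claims, and `createLoginVerifier`, `verifyLogin`, `expectedWallet` and the sample data are hypothetical names.

```javascript
// Added example. Only the "sign" field and web3.eth.accounts.recover come from the
// thread; every other name here is hypothetical.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// `recover` is injected so the logic runs offline. In production pass
// (signObject) => web3.eth.accounts.recover(signObject).
// `seen` is an in-memory replay cache; a real server would use shared storage.
function createLoginVerifier(recover, seen = new Set()) {
  return function verifyLogin(callbackJson, expectedWallet) {
    const fail = (reason) => ({ ok: false, reason });
    if (!ADDRESS_RE.test(expectedWallet)) return fail("bad expected wallet");

    let data;
    try { data = JSON.parse(callbackJson); } catch { return fail("malformed JSON"); }
    const sign = data && data.sign;
    if (sign === undefined || sign === null || sign === "") return fail("missing sign");

    // Reject a signature value that already produced a successful login.
    const replayKey = JSON.stringify(sign);
    if (seen.has(replayKey)) return fail("replayed signature");

    let recovered;
    try { recovered = recover(sign); } catch { return fail("recovery failed"); }
    if (typeof recovered !== "string" || !ADDRESS_RE.test(recovered)) return fail("recovery failed");

    // recover() only reports who signed; the server must compare that with the
    // wallet the client claims. Hex case differs between checksummed and plain forms.
    if (recovered.toLowerCase() !== expectedWallet.toLowerCase()) return fail("signer mismatch");

    seen.add(replayKey);
    return { ok: true, wallet: recovered };
  };
}

// Constructed sample data: a stub recover that maps fake signatures to fake addresses.
const sampleWallet = "0x" + "ab".repeat(20);
const sampleRecover = (sign) => (sign === "0xsig-owner" ? sampleWallet : "0x" + "cd".repeat(20));
const sampleVerify = createLoginVerifier(sampleRecover);
console.log(sampleVerify('{"sign":"0xsig-owner"}', sampleWallet)); // accepted
console.log(sampleVerify('{"sign":"0xsig-owner"}', sampleWallet)); // replay rejected
console.log(sampleVerify('{"sign":"0xsig-other"}', sampleWallet)); // signer mismatch
```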