siwe-java

Can't this wallet link be used to verify world coins

Open qidai77777 opened this issue 11 months ago • 2 comments

I tried to parse the message, but it told me it was an error

```
com.moonstoneid.siwe.error.SiweException: ABNF parsing failed.
    at com.moonstoneid.siwe.SiweMessage$Parser.parse(SiweMessage.java:469)
    at com.bitskyex.web.web3auth.TestSiweJava.main(TestSiweJava.java:14)
```

```java
String message = "https://2ps14262yl91.vicp.fun wants you to sign in with your Ethereum account:\n" +
        "0x5E91862Fbf510189B3369A23d4ADe73b54440716\n\n" +
        "This is my statement and here is a link https://worldcoin.com/apps\n\n" +
        "URI: https://2ps14262yl91.vicp.fun/\n" +
        "Version: 1\n" +
        "Chain ID: 480\n" +
        "Nonce: 84c9340ef92741308c583ef11b895e9e\n" +
        "Issued At: 2025-02-18T07:49:44.915Z\n" +
        "Expiration Time: 2025-02-25T07:49:44.913Z\n" +
        "Not Before: 2025-02-17T07:49:44.913Z\n" +
        "Request ID: 0";
String signature = "0x2ce1f57908b3d1cfece352a90cec9beab0452829a0bf741d26016d60676d63" +
        "807b5080b4cc387edbe741203387ef0b8a6e79743f636512cc48c80cbb12ffa8261b";
try {
    // Parse string to SiweMessage
    SiweMessage siwe = new SiweMessage.Parser().parse(message);

    // Verify integrity of SiweMessage by matching its signature
    siwe.verify("example.com", "EnZ3CLrm6ap78uiNE0MU", signature);
} catch (SiweException e) {
    e.printStackTrace();
    // Handle exception
}
```

qidai77777 · Feb 18 '25 11:02

Thanks for reporting the issue. After a quick look, I think the problem is that the parser currently does not handle URI schemes in the message (which are optional but allowed according to the spec).

It may take some time to fix this. A workaround would be to use a message without a scheme. Example:

```java
String message = "2ps14262yl91.vicp.fun wants you to sign in with your Ethereum account:\n" +
        "0x5E91862Fbf510189B3369A23d4ADe73b54440716\n\n" +
        "This is my statement and here is a link https://worldcoin.com/apps\n\n" +
        "URI: https://2ps14262yl91.vicp.fun/\n" +
        "Version: 1\n" +
        "Chain ID: 480\n" +
        "Nonce: 84c9340ef92741308c583ef11b895e9e\n" +
        "Issued At: 2025-02-18T07:49:44.915Z\n" +
        "Expiration Time: 2025-02-25T07:49:44.913Z\n" +
        "Not Before: 2025-02-17T07:49:44.913Z\n" +
        "Request ID: 0";
```

As you can see, the message starts with `2ps14262yl91.vicp.fun wants you to sign in...` (no `https://`).

michaelnetter · Feb 18 '25 12:02
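
A pre-parse check for the limitation described in the reply above, as an added example that is not part of the original thread or of siwe-java: it splits the optional scheme from the domain on the first line, so a server can report an unsupported scheme or an unexpected domain explicitly instead of a generic `ABNF parsing failed`. The class name, method names and the shortened sample messages are constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical helper, not siwe-java code).
public class SiweHeaderCheck {

    // First line per EIP-4361: [ scheme "://" ] domain " wants you to sign in with your Ethereum account:"
    private static final Pattern HEADER = Pattern.compile(
            "^(?:([A-Za-z][A-Za-z0-9+.-]*)://)?([^\\s/]+) wants you to sign in with your Ethereum account:$");

    /** Returns {scheme or null, domain}; throws if the first line is not a SIWE header. */
    static String[] splitHeader(String message) {
        String firstLine = message.split("\n", 2)[0];
        Matcher m = HEADER.matcher(firstLine);
        if (!m.matches()) {
            throw new IllegalArgumentException("Not a SIWE header line: " + firstLine);
        }
        return new String[] { m.group(1), m.group(2) };
    }

    /** Diagnoses a message before it is handed to SiweMessage.Parser. */
    static String diagnose(String message, String expectedDomain) {
        String[] header = splitHeader(message);
        String scheme = header[0];
        String domain = header[1];
        if (!domain.equalsIgnoreCase(expectedDomain)) {
            return "REJECT: domain '" + domain + "' is not '" + expectedDomain + "'";
        }
        if (scheme != null) {
            return "UNSUPPORTED: header carries scheme '" + scheme + "://', create the message without it";
        }
        return "OK";
    }

    public static void main(String[] args) {
        // Constructed, shortened sample messages based on the one in this thread.
        String domain = "2ps14262yl91.vicp.fun";
        String tail = " wants you to sign in with your Ethereum account:\n"
                + "0x5E91862Fbf510189B3369A23d4ADe73b54440716\n\nURI: https://2ps14262yl91.vicp.fun/\n";
        System.out.println(diagnose("https://" + domain + tail, domain)); // scheme present
        System.out.println(diagnose(domain + tail, domain));              // workaround form
        System.out.println(diagnose("other.example" + tail, domain));     // wrong domain
    }
}
```

The check only diagnoses: the signature covers the exact message text, so the scheme cannot be stripped on the server before verification and has to be left out where the message is created.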