Authentication

Wallet login:

User connects wallet.
App asks to sign "Sign in to Qwery: <timestamp>" .
Backend verifies signature.
Issues JWT with wallet as subject.
Stores JWT in httpOnly cookie.

Facilitator:

NO authentication required to call facilitator
Facilitator is public service
Rate limiting prevents abuse

Your Application:

YOU implement user authentication
Recommended: Wallet signature auth
Store user sessions
Protect your API routes

Example Wallet Auth:

import { useWallet } from '@solana/wallet-adapter-react';

const { publicKey, signMessage } = useWallet();

// Sign authentication message
const message = `Login to MyApp\nTimestamp: ${Date.now()}`;
const signature = await signMessage(new TextEncoder().encode(message));

// Verify signature on your backend
const verified = verifySignature(publicKey, message, signature);
if (verified) {
  // Issue JWT token
}

PreviousIndexing NextAPI Keys

Last updated 4 days ago

Good night