Digital Signature Verification

PreviousOn-Chain Access Control NextMerkel Proof Verification

Last updated 1 year ago

Digital Signature Verification

With Authento, you can easily implement on-chain access control using digital signatures as shown below.

Steps

[Backend] Configure the server to handle generation of digital signatures based on user KYC status retrieved using Authento API.
[Smart Contract] Implement on-chain signature verification.
[Frontend] Set up callbacks to execute the appropriate smart contract function when digital signature is successfully fetched from the backend.

Backend

On the backend, you need to set up an endpoint which handles request for digital signatures needed for on-chain verification. This can be done by:

Determine if the address owner should be allowed access to the smart contract based on the user information retrieved in step 1. If so, generate and return a digital signature along with other optional parameters such as expire timestamp.

The API response from Authento contains sensitive information and should NOT be directly relayed to the end user.

Smart Contract

There are a few things we need to do on the smart contract:

implement a _recoverSigner function which returns the wallet used to create a particular signature.
Modify any function which requires access control to take signature (and other optional parameters used to generate the signature, such as expire timestamp) as additional argument(s).
For each of the functions modified in step 2, ensure that the _recoverSigner returns the valid address and that all other required conditions are met.

Smart Contract Example

//SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

contract AuthentoOnChainAccess is ERC721, Ownable {
    using ECDSA for bytes32;
    uint256 private tokenIdCounter;

    constructor(
        address initialOwner
    ) ERC721("Authento On Chain Access", "AUX") Ownable(initialOwner) {}

    function _recoverSigner(
        uint256 expireTs,
        bytes memory signature
    ) private view returns (address) {
        bytes32 messageHash = MessageHashUtils.toEthSignedMessageHash(
            keccak256(abi.encodePacked(msg.sender, expireTs))
        );
        return ECDSA.recover(messageHash, signature);
    }

    function mint(uint256 expireTs, bytes memory signature) external {
        require(block.timestamp < expireTs, "Expired");
        require(
            _recoverSigner(expireTs, signature) == owner(),
            "Incorrect signature"
        );
        _safeMint(msg.sender, tokenIdCounter++);
    }
}

Frontend

Example

PreviousOn-Chain Access Control NextMerkel Proof Verification

Last updated 1 year ago

With Authento, you can easily implement on-chain access control using digital signatures as shown below.

Steps

Generate an API key/secret pair from the under the Settings tab
[Backend] Configure the server to handle generation of digital signatures based on user KYC status retrieved using Authento API.
[Smart Contract] Implement on-chain signature verification.
[Frontend] Set up callbacks to execute the appropriate smart contract function when digital signature is successfully fetched from the backend.

Backend

On the backend, you need to set up an endpoint which handles request for digital signatures needed for on-chain verification. This can be done by:

Retrieve the KYC/AML status of the address owner using the Authento API. To learn more about the Authento API, please go to the section.
Determine if the address owner should be allowed access to the smart contract based on the user information retrieved in step 1. If so, generate and return a digital signature along with other optional parameters such as expire timestamp.

The API response from Authento contains sensitive information and should NOT be directly relayed to the end user.

Smart Contract

There are a few things we need to do on the smart contract:

implement a _recoverSigner function which returns the wallet used to create a particular signature.
Modify any function which requires access control to take signature (and other optional parameters used to generate the signature, such as expire timestamp) as additional argument(s).
For each of the functions modified in step 2, ensure that the _recoverSigner returns the valid address and that all other required conditions are met.

Smart Contract Example

//SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

contract AuthentoOnChainAccess is ERC721, Ownable {
    using ECDSA for bytes32;
    uint256 private tokenIdCounter;

    constructor(
        address initialOwner
    ) ERC721("Authento On Chain Access", "AUX") Ownable(initialOwner) {}

    function _recoverSigner(
        uint256 expireTs,
        bytes memory signature
    ) private view returns (address) {
        bytes32 messageHash = MessageHashUtils.toEthSignedMessageHash(
            keccak256(abi.encodePacked(msg.sender, expireTs))
        );
        return ECDSA.recover(messageHash, signature);
    }

    function mint(uint256 expireTs, bytes memory signature) external {
        require(block.timestamp < expireTs, "Expired");
        require(
            _recoverSigner(expireTs, signature) == owner(),
            "Incorrect signature"
        );
        _safeMint(msg.sender, tokenIdCounter++);
    }
}

Frontend

On the frontend, you should set up callbacks to execute the appropriate smart contract function upon successful signature generation. If you frontend is built using react, you can do so using the custom hook from the authento-react package.