[proposal] jwt validation using cosmosAddress
[proposal] Add cosmosAddress Property in verificationMethod like a ethereumAddress #103
Since Cosmos uses prefixes for addresses, it is an advantageous address system to use as a DID. So, after decomposing the address into prefix and remainder, we want to use it as a DID. And, like Ethereum, we would like to add the Cosmos address to the property so that it can be verified by extracting the public key from the signature.
- dsrv1zp78zmtj4a7qvs4p2s08ngjn9rcwpaf5k9d0la (cosmos address)
- did:dsrv:1zp78zmtj4a7qvs4p2s08ngjn9rcwpaf5k9d0la (did)
```typescript
// VerifierAlgorithm.ts
export function verifyES256K(
  data: string,
  signature: string,
  authenticators: VerificationMethod[]
): VerificationMethod {
  const hash: Uint8Array = sha256(data)
  const sigObj: EcdsaSignature = toSignatureObject(signature)
  // Methods that carry a full public key can be verified directly.
  const fullPublicKeys = authenticators.filter(({ ethereumAddress, blockchainAccountId, cosmosAddress }) => {
    return typeof ethereumAddress === 'undefined' && typeof blockchainAccountId === 'undefined' && typeof cosmosAddress === 'undefined'
  })
  // Methods that carry only an address need the key recovered from the signature.
  const addressKeys = authenticators.filter(({ ethereumAddress, blockchainAccountId, cosmosAddress }) => {
    return typeof ethereumAddress !== 'undefined' || typeof blockchainAccountId !== 'undefined' || typeof cosmosAddress !== 'undefined'
  })
  let signer: VerificationMethod | undefined = fullPublicKeys.find((pk: VerificationMethod) => {
    try {
      const pubBytes = extractPublicKeyBytes(pk)
      return secp256k1.keyFromPublic(pubBytes).verify(hash, <SignatureInput>sigObj)
    } catch (err) {
      return false
    }
  })
  if (!signer && addressKeys.length > 0) {
    signer = verifyRecoverableES256K(data, signature, addressKeys)
  }
  if (!signer) throw new Error('invalid_signature: Signature invalid for JWT')
  return signer
}
```
```typescript
// VerifierAlgorithm.ts (inside verifyRecoverableES256K, where data and authenticators are in scope)
const checkSignatureAgainstSigner = (sigObj: EcdsaSignature): VerificationMethod | undefined => {
  const hash: Uint8Array = sha256(data)
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  const recoveredKey: any = secp256k1.recoverPubKey(hash, <SignatureInput>sigObj, <number>sigObj.recoveryParam)
  const recoveredPublicKeyHex: string = recoveredKey.encode('hex')
  const recoveredCompressedPublicKeyHex: string = recoveredKey.encode('hex', true)
  const recoveredEthereumAddress: string = toEthereumAddress(recoveredPublicKeyHex)
  const signer: VerificationMethod | undefined = authenticators.find((pk: VerificationMethod) => {
    const keyHex = bytesToHex(extractPublicKeyBytes(pk))
    return (
      keyHex === recoveredPublicKeyHex ||
      keyHex === recoveredCompressedPublicKeyHex ||
      pk.ethereumAddress?.toLowerCase() === recoveredEthereumAddress ||
      pk.blockchainAccountId?.split('@eip155')?.[0].toLowerCase() === recoveredEthereumAddress ||
      // The Cosmos address depends on the method's own prefix, so it is derived per entry,
      // and only for methods that declare a cosmosAddress. pk.id is for extracting the prefix.
      (typeof pk.cosmosAddress !== 'undefined' &&
        pk.cosmosAddress === toCosmosAddress(pk.id, recoveredPublicKeyHex))
    )
  })
  return signer
}
```
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (7 by maintainers)
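
The address-to-DID mapping described in the issue, as an added example that is not code from the issue or from the project: it splits a bech32 address at its separator, verifies the checksum, and converts in both directions, so that a malformed or mistyped identifier is rejected before any string comparison against a recovered address. All function names are hypothetical, and the sample input is a BIP-173 test vector rather than a real account.

```typescript
// Added example; function names are hypothetical, not the project's API.
const CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l'
const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]

// bech32 checksum polynomial (BIP-173); a valid string evaluates to 1.
function polymod(values: number[]): number {
  let chk = 1
  for (const v of values) {
    const top = chk >>> 25
    chk = ((chk & 0x1ffffff) << 5) ^ v
    for (let i = 0; i < 5; i++) if ((top >>> i) & 1) chk ^= GEN[i]
  }
  return chk
}

function hrpExpand(hrp: string): number[] {
  const codes = hrp.split('').map((c) => c.charCodeAt(0))
  return codes.map((c) => c >> 5).concat([0], codes.map((c) => c & 31))
}

// Splits at the last '1' (the data charset has no '1') and verifies the checksum.
function splitCosmosAddress(address: string): { prefix: string; data: string } {
  const addr = address.toLowerCase()
  if (address !== addr && address !== address.toUpperCase()) throw new Error('mixed case')
  const sep = addr.lastIndexOf('1')
  if (sep < 1 || addr.length - sep - 1 < 6) throw new Error('bad separator position')
  const prefix = addr.slice(0, sep)
  const data = addr.slice(sep + 1)
  const words = data.split('').map((c) => CHARSET.indexOf(c))
  if (words.indexOf(-1) !== -1) throw new Error('invalid character')
  if (polymod(hrpExpand(prefix).concat(words)) !== 1) throw new Error('bad checksum')
  return { prefix, data }
}

// dsrv1... -> did:dsrv:1... ; the prefix must also be a legal DID method name.
function cosmosAddressToDid(address: string): string {
  const { prefix, data } = splitCosmosAddress(address)
  if (!/^[a-z0-9]+$/.test(prefix)) throw new Error('prefix is not a valid DID method name')
  return `did:${prefix}:1${data}`
}

// did:dsrv:1... -> dsrv1... ; rejects identifiers that fail the checksum.
function didToCosmosAddress(did: string): string {
  const m = /^did:([a-z0-9]+):(1[0-9a-z]+)$/.exec(did)
  if (!m) throw new Error('not an address-style DID')
  const address = m[1] + m[2]
  splitCosmosAddress(address)
  return address
}

// Constructed sample input: a BIP-173 test vector, not a real account.
const sampleDid = cosmosAddressToDid('abcdef1qpzry9x8gf2tvdw0s3jn54khce6mua7lmqqqxw')
```

Because bech32 also permits an all-uppercase form, both helpers normalise to lowercase; a verifier that compares `cosmosAddress` with strict equality should normalise the stored value the same way.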
Top GitHub Comments
Yes, that sounds like a good idea
@mirceanis Thanks. I’ll update soon.
I want to create and use the “verifyBlockchainAccountId” function by separating the folder for the future like this PR, what do you think?