Can i whitelist urls on https://dashboard.web3auth.io programatically?

• Is there any way to whitelist urls in developer dashboard from my backend?
• I am building a multi tenant application where i need to add a new sub domain for each my client whenever they signup in my app. Can i do it directly from my code?

Originally posted by: himanshuchawla009

Check the discussion at: https://github.com/orgs/Web3Auth/discussions/351

No need to whitelist on the developer dashboard.

You can use manual origin whitelisting.

OpenLoginAdapter of web3auth accepts a parameter called OriginData.
OriginData is a key value pair
key: origin (e.g: https://a.example.com)
value: signature
signature is generated by using whitelistUrl function from the package @toruslabs/openlogin package

The parameters for whitelistUrl function are (clientId, clientSecret, origin).

To use the same function in the backend and generate the signature,

const base64url = require("base64url");
const keccak = require("keccak");
const { getPublic, sign } = require("@toruslabs/eccrypto");

const clientId = "BG0djgWQ8-sDz3OfdJmuQnO3XnsO8VOBhNGOSW8BgmgiNiit1374bM89r3RT0XP2n2BNkTS6A33UkQryCfkGbBs";
const clientSecret = "f785b7a8ef9e50bd878180c4b89072d08e8c2c59840bc01ef080f5b00783264e";
const origin = "https://www.example.com";
const appKeyBuf = Buffer.from(clientSecret.padStart(64, "0"), "hex");
if (base64url.encode(getPublic(appKeyBuf)) !== clientId) throw new Error("appKey mismatch");
const sig = await sign(appKeyBuf, Buffer.from(keccak("keccak256").update(origin).digest("hex"), "hex"));
const finalSig = base64url.encode(sig);
console.log("final sig", finalSig);