In my case, subdomains are being created dynamically, so I need to whitelist them all on the fly.
Originally posted by: MehdiRaash
Check the discussion at: https://github.com/orgs/Web3Auth/discussions/1239
Originally posted by: MehdiRaash
Check the discussion at: https://github.com/orgs/Web3Auth/discussions/1239
1 Like
OpenLoginAdapter of web3auth accepts a parameter called OriginData.
OriginData is a key value pair
key: origin (e.g: https://a.example.com)
value: signature
signature is generated by using whitelistUrl function from the package @toruslabs/openlogin package
The parameters for whitelistUrl function are (clientId, clientSecret, origin).
To use the same function in the backend and generate the signature,
const base64url = require("base64url");
const keccak = require("keccak");
const { getPublic, sign } = require("@toruslabs/eccrypto");
const clientId = "BG0djgWQ8-sDz3OfdJmuQnO3XnsO8VOBhNGOSW8BgmgiNiit1374bM89r3RT0XP2n2BNkTS6A33UkQryCfkGbBs";
const clientSecret = "f785b7a8ef9e50bd878180c4b89072d08e8c2c59840bc01ef080f5b00783264e";
const origin = "https://www.example.com";
const appKeyBuf = Buffer.from(clientSecret.padStart(64, "0"), "hex");
if (base64url.encode(getPublic(appKeyBuf)) !== clientId) throw new Error("appKey mismatch");
const sig = await sign(appKeyBuf, Buffer.from(keccak("keccak256").update(origin).digest("hex"), "hex"));
const finalSig = base64url.encode(sig);
console.log("final sig", finalSig);