
Server-Side Verification

Web3Auth's server-side verification feature enables developers to securely authenticate users on the backend by validating the ownership of a wallet address. This process involves the use of a JSON Web Token (JWT) issued upon user authentication, which contains claims about the end user, including proof of ownership over a wallet public address.

Once a user successfully connects their wallet, Web3Auth generates a JWT that is unique to your application and signed with a private key using the ES256 algorithm. This token serves as a verifiable credential that you can use to authenticate the user on your backend.

Implementing Server-Side Verification

To implement server-side verification with Web3Auth:

  1. Retrieve the JWT (idToken): When a user logs in through Web3Auth, a JWT can be generated to prove that the user owns the wallet. You can then verify this token on your backend server.

    Different Flows for Different Wallets:

    • Social Logins: These tokens include a public key linked to the user's wallet.
    • External Wallets: These tokens include the wallet address instead of the public key.

  2. Verify the JWT: Use the public key/address provided by Web3Auth to verify the JWT's authenticity. This step confirms that the token is valid and that the information it contains about the user can be trusted.

  3. Authenticate the User: Based on the verified claims within the JWT, including wallet address ownership, authenticate the user in your backend system.
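
An added example, not Web3Auth's own code, of steps 2 and 3 using only Node.js built-ins: it pins ES256, verifies the signature, checks expiry, then matches the wallet claim for either flow. The claim names (`wallets`, `public_key`, `address`, `exp`), the `expected` argument, and the locally generated key pair standing in for the key Web3Auth provides are assumptions of this example.

```javascript
// Added example. Node.js built-ins only; the key pair and tokens are constructed.
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const b64u = (data) => Buffer.from(data).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const norm = (v) => String(v ?? "").toLowerCase();

// Steps 2 and 3: verify the ES256 signature, then check that the wallet the
// client presented is one the token vouches for. Returns the claims or throws.
// Claim names (wallets, public_key, address, exp) are assumptions of this example.
function verifyIdToken(idToken, issuerKey, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  // Pin the algorithm on the server; never let the token header choose it.
  if (decode(head).alg !== "ES256") throw new Error("unexpected alg");
  const valid = verify("sha256", Buffer.from(`${head}.${body}`),
    { key: issuerKey, dsaEncoding: "ieee-p1363" }, Buffer.from(sig, "base64url"));
  if (!valid) throw new Error("bad signature");
  const claims = decode(body); // trust claims only after the signature checks out
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  const wallets = Array.isArray(claims.wallets) ? claims.wallets : [];
  // Social logins: compare public_key. External wallets: compare address.
  const owned = wallets.some((w) =>
    (expected.public_key && norm(w.public_key) === norm(expected.public_key)) ||
    (expected.address && norm(w.address) === norm(expected.address)));
  if (!owned) throw new Error("wallet not in token");
  return claims;
}

// Constructed issuer and tokens so the example runs offline (hypothetical helper).
function mintToken(privateKey, claims, alg = "ES256") {
  const signingInput = `${b64u(JSON.stringify({ alg, typ: "JWT" }))}.${b64u(JSON.stringify(claims))}`;
  const sig = sign("sha256", Buffer.from(signingInput), { key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${signingInput}.${b64u(sig)}`;
}
const issuer = generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // P-256, the ES256 curve
const NOW = 1700000000; // fixed clock for the demo
const socialToken = mintToken(issuer.privateKey,
  { exp: NOW + 3600, wallets: [{ public_key: "02" + "ab".repeat(32) }] });
const externalToken = mintToken(issuer.privateKey,
  { exp: NOW + 3600, wallets: [{ address: "0x" + "1A".repeat(20) }] });

console.log(verifyIdToken(socialToken, issuer.publicKey, { public_key: "02" + "AB".repeat(32) }, NOW).wallets);
console.log(verifyIdToken(externalToken, issuer.publicKey, { address: "0x" + "1a".repeat(20) }, NOW).wallets);
```

The value passed as `expected` is the public key or address your client submitted alongside the token; authenticate the session only when `verifyIdToken` returns without throwing.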

Head over to our Web3Auth Identity Token documentation to learn more about the JWT and how to verify it.
