signChallenge
Open a JoyID app popup window to sign message.
Types
function signChallenge(
// The challenge that was requested to be signed
challenge: string | Uint8Array,
// The address of the signer
signerAddress: string,
config?: SignConfig,
): Promise<signChallengeResponse>
interface SignConfig extends PopupConfig {
/**
* The name of your app
*/
name?: string
/**
* The logo of your app
*/
logo?: string
/**
* The RPC URL of the ckb node that your app is using
*/
rpcURL?: string
/**
* The network that your app is using, defaults to JoyID ckb testnet
*/
network?: 'mainnet' | 'testnet'
/**
* The URL of JoyID app url that your app is integrated with, defaults to https://app.joyid.dev
*/
joyidAppURL?: string
/**
* The URL of JoyID server url that your app is integrated with
*/
joyidServerURL?: string
}
interface PopupConfig {
/**
* Default is 300s
*/
timeoutInSeconds?: number
/**
* popup instance
*/
popup?: Window
}
interface signChallengeResponse {
// The public key of the authenticated user
pubkey: string
/**
* The challenge that was requested to be signed
*/
challenge: string
/**
* The message that was signed by the authenticator,
* Note that the message may not be the original raw message,
* but is combined with client data and authenticator data
* according to [WebAuthn Spec](https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion).
*/
message: string
/**
* The signature of the message that was signed by the authenticator
*/
signature: string
/**
* key type of the authenticated user
*/
keyType: 'main_key' | 'sub_key' | 'main_session_key' | 'sub_session_key'
/**
* The algorithm of the signature.
* corresponds to the `value` field of the [COSE](https://www.iana.org/assignments/cose/cose.xhtml#algorithms) structure
*/
alg: number
/**
* The attestation of the signature,
* only available when keyType is `main_session_key` or `sub_session_key`
*/
attestation?: string
}
Example
import { signChallenge } from '@joyid/ckb'
async function joyidSign() {
try {
const res = await signChallenge(
'Sign this message',
'ckt1qrfrwcdnvssswdwpn3s9v8fp87emat306ctjwsm3nmlkjg8qyza2cqgqqxv6drphrp47xalweq9pvr6ll3mvkj225quegpcw',
{
logo: 'https://example.com/logo.png',
name: 'Example App',
},
)
console.log(res)
} catch (e) {
console.error(e)
}
}
Details
Note that challenge
and message
are two different concepts, in short:
challenge
is what you as a developer want JoyID to sign.
message
is what JoyID actually signs, which is a combination of challenge
and some other data (such as authenticator data, etc.), and challenge
will be always included in message
.
For more information, you can check out the WebAuthn Spec (opens in a new tab).