Do we verify the Signature? #2
Comments
|
No there is no code for signature checking currently in place. |
|
Okay cool; I will investigate as this would be important to try preventing spoofing of a token |
|
Thanks for this update, i implemented it and it works fine until I changed the implementation of the cardano api call to the new one, check #5 . |
|
Yeah I need to rework the way that I am integrating with the Wallet; CIP-30 changed this process to be more generic. |
|
I've updated my fork to handle the updated 'signData' api response. It was a little different to just returning a 'string' output. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Does the code currently verify the authenticity of the signed message in any way? I can see that we are ensuring that the token is correctly formed but are we checking if the signature provided is a signature for this token?
The text was updated successfully, but these errors were encountered: