HomePhabricator
Diffusion Comm 04be4bd3ba84

[identity] verify nonce in siwe message

Description

[identity] verify nonce in siwe message

Summary:
get the nonce from the SIWE message provided by the user and check if it exists in our nonces table. if it doesn't, return an error. if it does, remove it and proceed.

Depends on D9440

Test Plan: tried to use the same nonce for consecutive sign-in requests and only the first request succeeded.

Reviewers: kamil, bartek, jon

Reviewed By: bartek

Subscribers: ashoat, tomek, wyilio

Differential Revision: https://phab.comm.dev/D9441

Details

Provenance
varunAuthored on Oct 9 2023, 2:01 PM
Reviewer
bartek
Differential Revision
D9441: [identity] verify nonce in siwe message
Parents
rCOMMa06b82fdb95b: [identity] Make sure username users can't use ETH addresses as usernames on theā€¦
Branches
Unknown
Tags
Unknown