WalletAuthenticator
The WalletAuthenticator is the core class for server-side logic in a DID Connect session. It is responsible for creating authentication requests, signing responses, and verifying the data returned from the user's wallet. It operates independently of any specific web framework, handling all the cryptographic operations and JWT management.
For integrating DID Connect into an Express.js application, see the WalletHandlers class, which builds upon WalletAuthenticator.
Constructor#
new WalletAuthenticator(config)#
Creates a new instance of the WalletAuthenticator. This is the entry point for setting up your application's identity and configuration for DID Connect.
Authenticator Setup
const { WalletAuthenticator } = require('@arcblock/did-connect');
const { fromRandom } = require('@ocap/wallet');
// The application's wallet
const appWallet = fromRandom().toJSON();
const chainHost = 'https://beta.abtnetwork.io/api';
const chainId = 'beta';
const auth = new WalletAuthenticator({
wallet: appWallet,
baseUrl: 'https://example.com',
appInfo: {
name: 'DID Connect Demo',
description: 'A demo application for DID Connect',
icon: 'https://arcblock.oss-cn-beijing.aliyuncs.com/images/wallet-round.png',
link: 'https://example.com'
},
chainInfo: {
host: chainHost,
id: chainId,
},
});Parameters
Methods#
uri()#
Generates a deep link URL that can be rendered as a QR code for the DID Wallet to scan and initiate a session.
Generating a Connect URL
const connectUrl = auth.uri({
baseUrl: 'https://example.com',
pathname: '/api/connect/relay/auth',
token: 'some_session_token',
query: { userAction: 'login' },
});
// connectUrl will be similar to:
// https://abtwallet.io/i/?action=requestAuth&url=https%3A%2F%2Fexample.com%2Fapi%2Fconnect%2Frelay%2Fauth%3FuserAction%3Dlogin%26_t_%3Dsome_session_tokenParameters
Returns
sign()#
Signs an authentication request to be sent to the wallet. This JWT-formatted response contains the application's info, chain info, and the specific claims being requested from the user.
Signing an Auth Request
const authResponse = await auth.sign({
claims: { profile: { items: ['fullName', 'email'] } }, // Requesting user's name and email
pathname: '/api/connect/relay/auth',
baseUrl: 'https://example.com',
challenge: 'random_challenge_string',
context: { token: 'some_session_token' },
});
// authResponse contains { appPk, authInfo, ... }Parameters
Returns
signResponse()#
Signs a simple, final response to the wallet, typically used after a successful operation or to report an error. This response can optionally redirect the user's wallet to a new URL.
Signing a Success Response
const successResponse = await auth.signResponse({
successMessage: 'Login successful!',
nextUrl: 'https://example.com/dashboard',
}, 'https://example.com', requestContext);
// This response can be sent back to the wallet.Parameters
Returns
verify()#
Verifies a response sent from the DID Wallet. It checks the signature using the user's public key and decodes the JWT to extract the claims and other session information.
Verifying a Wallet Response
try {
const walletResponse = {
userPk: 'user_public_key_from_wallet',
userInfo: 'jwt_token_from_wallet',
token: 'the_original_session_token'
};
const verificationResult = await auth.verify(walletResponse);
console.log('Verification successful!');
console.log('User DID:', verificationResult.userDid);
console.log('Requested Claims:', verificationResult.claims);
} catch (error) {
console.error('Verification failed:', error.message);
}Parameters
Returns
Type Definitions#
ApplicationInfo#
This object defines the information about your application that is displayed to the user in their DID Wallet during a connect session.
ChainInfo#
This object specifies the blockchain that your application interacts with.
Now that you understand how to create and manage authentication logic, the next step is to integrate it into a web server. Proceed to the WalletHandlers API Reference to learn how to attach DID Connect endpoints to an Express.js application.