Hi all
I need to check the validity of the delegation on the backend of the TS Node. I receive a delegation when logging into NFID or Internet Identity. But I can’t figure out how to do it correctly. Signature verification using a simple “crypto” fails. Also, I don’t understand how to use other solutions correctly. For example, @slide-computer/signer-signatures crashes during the package import stage.
My question is, is it possible to get a short working example? This is arrogance 
But I don’t fully understand whether I’m moving in the right direction. And so I would really appreciate any help.
I need to check the delegation (signatures and keys) so that the Node backend can accurately understand the user ID. I’m thinking of a scenario where a malicious client uses auth_client to use its pre-arranged delegation, which includes the other user’s principal, and passes it to my backend (without checking the delegation), thus gaining access to the other user’s account. How can I implement this without using ICP?
I would really appreciate some help as I can’t find a solution. Most likely I don’t understand well, so I ask for a small example on JS. In the last case it would be very helpful!
(author here)
It might crash because the peer dependencies aren’t installed:
"peerDependencies": {
"@dfinity/agent": "^1.0.1",
"@dfinity/candid": "^1.0.1",
"@dfinity/identity": "^1.0.1",
"@dfinity/principal": "^1.0.1"
}
The library is still very much in development so documentation is lacking 
Alternatively there’s also another npm library that runs the dfx signature verification code in wasm and something I would probably recommend for now over my JS implementation: @dfinity/standalone-sig-verifier-web - npm
Overall, verifying IC web3 identities on web2 is still something under discussion and development in the working group: wg-identity-authentication/topics/icrc_32_sign_challenge.md at main · dfinity/wg-identity-authentication · GitHub
Documenting this is on my to-do list. Try using @sea-snake’s solution in the meantime, but IOU a straightforward example
I wrote on Discord and I apologize for the duplicate here, but I’m in dire need )
I tried to understand the ICRC-35 Example and documentation, but it doesn’t explain much to me. And I don’t understand how I can solve the problem of II verification.
my repository with attempts to solve it in various ways is here GitHub - Raters-ICP/verification
And I don’t even know how anyone could help me, but I urgently need to solve this problem. I would really appreciate any detailed help!!!
I want to say that I have an object after II authorization as below in the example and it should certainly be possible to verify the keys and signature. But I can’t do it… I believe that I am using verification incorrectly in the repository that I showed above…
{
… delegations: [
… … { delegation: {expiration, pubkey}, signature }
… ],
… publicKey
}