I need to securely verify a user's principal in an offchain Rust backend

I need to securely verify a user’s principal in an offchain Rust backend.

I coded something with Codex, but

{"error":"invalid_request","error_description":"invalid signature"}

I tried all Vibe coding that I could and now I am at a dead-end.

Can somebody show me an example of Rust (and also frontend) code for verifying a principal? Or at least describe the algorithm?

I assume you want to have someone sign in with a principal, and not verify if a printed principal is a valid principal.

The way to do this is to generate a challenge that the user then signs with their identity. On the backend, you can then verify the signature(s) and timestamps. I do not have code ready to copy/paste, but there is probably a lot you can copy from this crate

I did a POC in Go + II about a year ago, might nudge you in the right direction :backhand_index_pointing_down:


Do I need to check also signatures from the delegation chain? Or is it enough to check only the “main” signature/key?

You need to check the whole chain. Every individual signature may be forged and the whole chain is only valid if all signatures check out.
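
A sketch of the chain walk described in the replies above, added here as an illustration; it is not code from any poster, from the crate or from the Go POC mentioned in the thread. The `Delegation` struct, the `delegation_message` byte layout, and the `toy_sign`/`toy_verify` stand-ins are assumptions made so the example runs with the standard library only; a real backend passes a real signature verifier and uses the message encoding its identity protocol defines.

```rust
pub struct Delegation {
    pub pubkey: Vec<u8>,    // key this link delegates to
    pub expiration_ns: u64, // expiry, nanoseconds since the Unix epoch
    pub signature: Vec<u8>, // produced by the previous key in the chain
}

#[derive(Debug, PartialEq)]
pub enum ChainError { BadDelegationSig(usize), Expired(usize), BadChallengeSig }

// Assumed encoding of what a link signs; use the identity protocol's exact bytes.
pub fn delegation_message(d: &Delegation) -> Vec<u8> {
    let exp = d.expiration_ns.to_be_bytes();
    [b"delegation:".as_slice(), d.pubkey.as_slice(), exp.as_slice()].concat()
}

// Returns the root key only if every link, expiry and the challenge signature verify.
pub fn verify_chain<'a, V: Fn(&[u8], &[u8], &[u8]) -> bool>(
    root: &'a [u8], chain: &[Delegation], challenge: &[u8], challenge_sig: &[u8],
    now_ns: u64, verify: V,
) -> Result<&'a [u8], ChainError> {
    let mut signer: &[u8] = root; // key expected to have signed the next item
    for (i, d) in chain.iter().enumerate() {
        if !verify(signer, &delegation_message(d), &d.signature) {
            return Err(ChainError::BadDelegationSig(i));
        }
        if d.expiration_ns <= now_ns { return Err(ChainError::Expired(i)); }
        signer = &d.pubkey;
    }
    if !verify(signer, challenge, challenge_sig) { return Err(ChainError::BadChallengeSig); }
    Ok(root)
}

// Constructed stand-in "signature" (key || msg) so the example runs offline.
// It is NOT cryptography; pass a real verifier in production code.
pub fn toy_sign(key: &[u8], msg: &[u8]) -> Vec<u8> { [key, msg].concat() }
pub fn toy_verify(key: &[u8], msg: &[u8], sig: &[u8]) -> bool { sig == toy_sign(key, msg).as_slice() }

// Constructed sample chain: "root" key -> "mid" key -> "session" key.
pub fn sample_chain() -> Vec<Delegation> {
    let mut mid = Delegation { pubkey: b"mid".to_vec(), expiration_ns: 2_000, signature: vec![] };
    mid.signature = toy_sign(b"root", &delegation_message(&mid));
    let mut session = Delegation { pubkey: b"session".to_vec(), expiration_ns: 1_500, signature: vec![] };
    session.signature = toy_sign(b"mid", &delegation_message(&session));
    vec![mid, session]
}

fn main() {
    let sig = toy_sign(b"session", b"nonce-123"); // session key signs the server's challenge
    println!("{:?}", verify_chain(b"root", &sample_chain(), b"nonce-123", &sig, 1_000, toy_verify));
}
```

The backend should issue the challenge itself, accept it only once, and derive the principal from the returned root key rather than from anything the client claims.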