I am using the @nfid/embed library for authentication in my application. I now have a requirement to secure my data through signing and verifying it on the backend. I found that the method I need (ICRC-32 Sign Challenge) is available in the @nfid/identity-kit library. However, I noticed that this library is not available on npm.
I would like to use these two packages together. Can anyone provide guidance on how to achieve this? Alternatively, I am open to considering other solutions for secure data signing and verification.
Since we’ve begun speaking on Discord, I’ll paste what you wrote me and we can continue here:
I need to check the delegation (signatures and keys) so that the Node backend can accurately understand the user ID.
I have an object after II authorization as below in the example and it should certainly be possible to verify the keys and signature.
{
  delegations: [
    { delegation: {expiration, pubkey}, signature }
  ],
  publicKey
}
Am I correctly understanding you receive a delegation and want to check its principal?
I’m thinking of a scenario where a malicious client uses auth_client to use its pre-arranged delegation, which includes the other user’s principal, and passes it to my backend (without checking the delegation), thus gaining access to the other user’s account. How can I implement this?
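A backend-side check for the scenario in the last post, as an added example that is not part of the thread: verify every signature in the chain, then derive the principal only from the verified root `publicKey`, never from a value the client claims. It assumes DER-encoded Ed25519 keys passed as Buffers and a BigInt `expiration` in nanoseconds; `verifyChain`, `demo` and the challenge step are hypothetical, and a chain rooted in a canister-signature key (as Internet Identity issues) is rejected, because verifying it needs certificate checks this code does not do.

```javascript
// Added example, not code from the thread. Assumes DER-encoded Ed25519 keys held as Buffers.
const crypto = require('node:crypto');
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();
// Unsigned LEB128, the number encoding used when hashing `expiration`.
function leb128(n) {
  const out = [];
  for (let v = BigInt(n); ; v >>= 7n) {
    if (v < 0x80n) return Buffer.from([...out, Number(v)]);
    out.push(Number(v & 0x7fn) | 0x80);
  }
}
// Bytes a delegation signature covers: domain separator || hash of the {pubkey, expiration} map.
function signingInput({ pubkey, expiration }) {
  const pairs = [['pubkey', pubkey], ['expiration', leb128(expiration)]]
    .map(([k, v]) => Buffer.concat([sha256(Buffer.from(k)), sha256(v)])).sort(Buffer.compare);
  return Buffer.concat([Buffer.from('\x1Aic-request-auth-delegation'), sha256(Buffer.concat(pairs))]);
}
function ed25519(der) { // throws for any other key type, so the chain is rejected
  const key = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  if (key.asymmetricKeyType !== 'ed25519') throw new Error('unsupported key type');
  return key;
}

// Returns the principal bytes (hex) derived from the verified root key, or null.
function verifyChain(chain, nowNs, challenge, challengeSig) {
  try {
    let signer = chain.publicKey;
    for (const { delegation, signature } of chain.delegations) {
      if (delegation.targets) return null; // `targets` hashing is not covered here
      if (BigInt(delegation.expiration) <= nowNs) return null;
      if (!crypto.verify(null, signingInput(delegation), ed25519(signer), signature)) return null;
      signer = delegation.pubkey;
    }
    // Hypothetical binding step: the caller signs a fresh server challenge with the last key.
    if (!crypto.verify(null, challenge, ed25519(signer), challengeSig)) return null;
    return crypto.createHash('sha224').update(chain.publicKey).digest('hex') + '02';
  } catch { return null; }
}

// Constructed sample: a root key delegating to a session key for one hour.
function demo(nowNs) {
  const [root, session] = [0, 1].map(() => crypto.generateKeyPairSync('ed25519'));
  const der = (k) => k.publicKey.export({ format: 'der', type: 'spki' });
  const delegation = { pubkey: der(session), expiration: nowNs + 3600n * 10n ** 9n };
  const signature = crypto.sign(null, signingInput(delegation), root.privateKey);
  const challenge = crypto.randomBytes(32);
  const challengeSig = crypto.sign(null, challenge, session.privateKey);
  return { chain: { delegations: [{ delegation, signature }], publicKey: der(root) }, challenge, challengeSig };
}
```

Swapping another user's `publicKey` into an otherwise valid chain makes the first signature check fail, so `verifyChain` returns null instead of that user's principal.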