LogoLogo
Manifold for Developers
WelcomeManifold StudioManifold for Developers
Manifold for Developers
WelcomeManifold StudioManifold for Developers
  • Introduction
  • Shopify Merch Bridge
    • Overview
    • Tutorial
      • Step 1: Product Gate Setup
        • 1.1: Configure the Product
        • 1.2: Install Manifold Merch Bridge
        • 1.2: Create a New Product Gate
        • 1.3: Link a Product to the Gate
        • 1.4: Add Rules
      • Step 2: Store Theme Setup
        • 2.1 The Theme Editor
        • 2.2 Product Page Setup
        • 2.3 Cart Page Setup
    • Advanced Configuration
    • FAQ / Error Help
    • Reference
      • Product and Gate Configuration
        • Shopify Products
        • Product Gates
          • Gate Products
          • Rules
      • Custom Themes
      • Updating to the Latest Version
      • UI Configuration Options
      • Advanced Usage
      • Common Issues
  • Guides
    • Getting Started
    • HTML
    • React
    • NextJS
    • Vue
    • Wix
    • Squarespace
      • Simple Squarespace Site
      • Customised Squarespace Template
  • Resources
    • Apps
      • Grant Types
    • Widgets
      • Directory
      • Manifold CSS Variables
        • Scheme Utility Classes
        • List of Manifold CSS Variables
      • Connect Widget
        • Blockchain Interaction
        • Wallet Authentication
        • Data Client
          • NFT Information Retrieval
            • getNFT
            • getNFTsOfOwner
            • ownerHasNFT
            • getCollectors
          • Data Storage and Retrieval
        • Advanced Configuration
        • Customization & Styling
        • Automatic Error Handling
      • Campaign Widget
        • Campaign Creation
          • Questionnaire
        • Campaign Progress
        • Customization & Styling
      • Curation Widget
      • Marketplace Widgets
        • Widgets
          • Data Attributes
          • Layout Widgets
          • Card Widgets
          • Listing Widgets
        • Window Events
        • Troubleshooting
        • Customization & Styling
        • Version Change Notes
          • 3.2.1 - CSS Selector Changes
          • 3.1.1 - CSS Selector Changes
      • Claim Widgets
        • Widgets
          • Data Attributes
          • Complete Claim Widget
          • Buy Button Only Widget
          • Mint Count Widget
        • Troubleshooting
        • Customization & Styling
        • Version Change Notes
          • 1.7.0, 1.7.1 - CSS Selector Changes
      • Restricted Token Widget
        • Customization & Styling
      • Wallet Identity Widget
        • Customization & Styling
      • Subscription Widget
      • 6551 Display Widget
    • Manifold Ethereum Provider
  • Tools and APIs
    • Merkle Tree Tool
    • Snapshot Tool
    • Discord Tools
    • Server-Side Session Authentication
      • Signature Grant
      • Authorization Code Grant
  • Smart Contracts
    • Manifold Creator
      • Contracts
        • Creator Core
          • Common Functions
          • ERC721 Functions
          • ERC1155 Functions
        • Extensions
          • Extensions Functions
          • Extensions Examples
          • Extensions Deployment Guide
            • Dynamic NFT Extension
            • Lazy Mint Extension ERC1155
            • Lazy Mint Extension ERC721
        • Mint Permissions
          • Mint Permissions Functions
      • Prior Versions
        • 1.0.x
          • Creator Core
            • Common Functions
            • ERC721 Functions
            • ERC1155 Functions
          • Extensions
            • Extensions Functions
            • Extensions Examples
            • Extensions Deployment Guide
              • Dynamic NFT Extension
              • Lazy Mint Extension ERC1155
              • Lazy Mint Extension ERC721
          • Mint Permissions
            • Mint Permissions Functions
        • 2.0.x
          • Creator Core
            • Common Functions
            • ERC721 Functions
            • ERC1155 Functions
          • Extensions
            • Extensions Functions
            • Extensions Examples
            • Extensions Deployment Guide
              • Dynamic NFT Extension
              • Lazy Mint Extension ERC1155
              • Lazy Mint Extension ERC721
          • Mint Permissions
            • Mint Permissions Functions
    • Marketplace
      • Identity Verifier
    • Royalty Registry
  • Contact Us
Powered by GitBook
On this page
  • Overview
  • Example Use Case
  • Getting Started
  • Verifying an authenticated session
  • Reading the frontend session token
  • Server-Side Validation

Was this helpful?

  1. Tools and APIs
  2. Server-Side Session Authentication

Signature Grant

Overview

This article describes how you would verify an authenticated session's wallet address when using the Signature Grant Type.

Example Use Case

  • Accessing/modifying private user data A user is authenticated on the frontend and wants to view or modify private user data. The server should independently verify the authenticated wallet address prior to allowing access to this data.

Getting Started

This tutorial assumes you are using the Connect Widget.

The first thing you will need to do is create a Developer App of type Signature Grant. This will give you a clientId which will be used on your frontend via the Connect Widget, which handles client-side authentication. Please follow the tutorial for the Connect Widget prior to continuing.

Verifying an authenticated session

In order to verify an authenticated session, you will need to read the session token on your frontend application and pass it back to your backend server.

Reading the frontend session token

There are two ways to retrieve the frontend session token

Method 1: Via the Manifold Ethereum Provider

const token = await window.ManifoldEthereumProvider.getOAuth({
  grantType: "signature",
  appName: "<your app name>",
  clientId: "<your app client id>"
});

Method 2: Via the m-authenticated event

window.addEventListener('m-authenticated', async (event) => {
  // a Manafild Data Client will be provided in the event details
  const client = event.detail.client;
  const token = client.token;
  // do something
})

Server-Side Validation

Once you retrieve the session token on the frontend client, pass it back to your server endpoint.

Here is an example in how to verify a session token in an Express backend server:

app.get('/verify', async (req: any, res: any) => {
  const token = req.query.token
  const response = await fetch('https://oauth2.manifoldxyz.dev/verify', {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Accept: "application/json",
    },
    body: JSON.stringify({
      token: token,
    }),
  });
  
  if (response.status !== 200) return res.sendStatus(403);
  
  const responseJson = await response.json();
  const address = responseJson.unwrappedJWT?.address;

  if (!address) return res.sendStatus(403);

  // You now have the address associated with the authenticated session
  // do whatever you need
  
  return res.sendStatus(200);
})

Last updated 2 years ago

Was this helpful?