# Signature Grant

## Overview

This article describes how to verify an authenticated session's wallet address on your server when using the [Signature Grant Type](/manifold-for-developers/resources/apps/grant-types.md).

### Example Use Case

* Accessing/modifying private user data\
  A user is authenticated on the frontend and wants to view or modify private user data.  The server should independently verify the authenticated wallet address prior to allowing access to this data.

## Getting Started

{% hint style="info" %}
This tutorial assumes you are using the [Connect Widget](/manifold-for-developers/resources/widgets/connect-widget.md).
{% endhint %}

The first thing you will need to do is create a [Developer App](https://docs.manifold.xyz/v/manifold-for-developers/get-started/developer-app#authorization-code-grant) of type **Signature Grant**. This will give you a `clientId` which will be used on your frontend via the [Connect Widget](/manifold-for-developers/resources/widgets/connect-widget.md), which handles client-side authentication.  Please follow the tutorial for the [Connect Widget](/manifold-for-developers/resources/widgets/connect-widget.md) prior to continuing.

## Verifying an authenticated session

In order to verify an authenticated session, you will need to read the session token on your frontend application and pass it back to your backend server.

### Reading the frontend session token

There are two ways to retrieve the frontend session token:

#### Method 1: Via the [Manifold Ethereum Provider](/manifold-for-developers/resources/manifold-ethereum-provider.md#wallet-and-contract-interaction)

```javascript
const token = await window.ManifoldEthereumProvider.getOAuth({
  grantType: "signature",
  appName: "<your app name>",
  clientId: "<your app client id>"
});
```

#### Method 2: Via the `m-authenticated` event

```javascript
window.addEventListener('m-authenticated', async (event) => {
  // a Manifold Data Client will be provided in the event details
  const client = event.detail.client;
  const token = client.token;
  // do something
})
```

### Server-Side Validation

Once you retrieve the session token on the frontend client, pass it back to your server endpoint.

Here is an example of how to verify a session token in an Express backend server:

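```typescript
import express from 'express';

const app = express();

app.get('/verify', async (req: any, res: any) => {
  // Session token passed back from the frontend
  const token = req.query.token;
  // Reject a missing or repeated (array-valued) token parameter before calling out
  if (typeof token !== 'string') return res.sendStatus(403);

  // Ask the Manifold OAuth2 service to validate the token
  const response = await fetch('https://oauth2.manifoldxyz.dev/verify', {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Accept: "application/json",
    },
    body: JSON.stringify({
      token: token,
    }),
  });

  // Any non-200 response means the token was not accepted
  if (response.status !== 200) return res.sendStatus(403);

  const responseJson = await response.json();
  const address = responseJson.unwrappedJWT?.address;

  // Fail closed if the response carries no address
  if (!address) return res.sendStatus(403);

  // You now have the address associated with the authenticated session
  // do whatever you need

  return res.sendStatus(200);
})
```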
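
For the use case above (gating private user data), verification is followed by one more step: comparing the verified address with the owner of the record being requested, never with an address the client supplies. The following is an added example, not Manifold's code; the `Authorization: Bearer` transport, the injected `fetchImpl` and all function names are assumptions, while the endpoint and the `unwrappedJWT.address` field are taken from this page.

```typescript
// Added example: bearerToken, verifiedAddress, canAccess and VerifyFetch are hypothetical names.
const VERIFY_URL = "https://oauth2.manifoldxyz.dev/verify"; // endpoint from this page
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/; // Ethereum address: 0x + 40 hex characters

// Minimal shape of fetch used here; pass Node 18+'s global fetch in production.
type VerifyFetch = (
  url: string,
  init: { method: string; headers: Record<string, string>; body: string }
) => Promise<{ status: number; json(): Promise<any> }>;

// Read the token from "Authorization: Bearer <token>" (assumed transport) so it
// stays out of URLs, access logs and Referer headers.
function bearerToken(header: string | undefined): string | null {
  const match = /^Bearer ([^\s]+)$/.exec(header ?? "");
  return match ? match[1] : null;
}

// Returns the lowercased address for a valid session, or null on any failure (fail closed).
async function verifiedAddress(token: string | null, fetchImpl: VerifyFetch): Promise<string | null> {
  if (!token) return null;
  try {
    const response = await fetchImpl(VERIFY_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json", Accept: "application/json" },
      body: JSON.stringify({ token }),
    });
    if (response.status !== 200) return null;
    const address = (await response.json())?.unwrappedJWT?.address;
    return typeof address === "string" && ADDRESS_RE.test(address) ? address.toLowerCase() : null;
  } catch {
    return null; // network error or non-JSON body
  }
}

// ownerAddress comes from the server's own record of who owns the data.
// Addresses are compared case-insensitively because checksum casing varies.
async function canAccess(
  authHeader: string | undefined,
  ownerAddress: string,
  fetchImpl: VerifyFetch
): Promise<boolean> {
  const address = await verifiedAddress(bearerToken(authHeader), fetchImpl);
  return address !== null && address === ownerAddress.toLowerCase();
}
```

In an Express handler this becomes `if (!(await canAccess(req.headers.authorization, record.owner, fetch))) return res.sendStatus(403);`, where `record.owner` is a placeholder for your own data model.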


