Basically what you want to do is implement a challenge / response handshake.
Login:
- Visitor lands on the page. A request is made to the backend to get a "challenge" which can be any random string. The goal here is nobody could guess it ahead of time.
- Frontend now has the challenge. Use moneyButton sign function to generate a signature from the visitor's wallet.
- Send the signature to the backend. Server checks if the signature is valid for the user's public key against the given challenge message. You should be able to use the verify message function from bsv.js to validate it.
- If this is the first time they logged in, you store a user record with their public moneybutton id so you can associate future logins to the user.
Hope that helps some
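
The handshake described above, as an added example that is not part of the original post: the server issues a random challenge, accepts it once and only before it expires, and creates the user record on first login. Node's built-in `crypto` with a generated secp256k1 key pair stands in for the MoneyButton sign call and the bsv.js verification; the function names, the two-minute lifetime, the in-memory maps and keying users by public key rather than by MoneyButton id are assumptions.

```javascript
// Added example. Node's crypto stands in for MoneyButton signing (client)
// and the bsv.js message check (server); every name here is hypothetical.
const crypto = require("crypto");

const CHALLENGE_TTL_MS = 2 * 60 * 1000; // assumed challenge lifetime
const pending = new Map(); // challenge -> expiry time in ms
const users = new Map();   // public key PEM -> user record

// Server: issue an unpredictable challenge and remember it.
function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(32).toString("hex");
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Client: sign the challenge with the wallet's private key.
function signChallenge(privateKey, challenge) {
  return crypto.sign("sha256", Buffer.from(challenge), privateKey).toString("base64");
}

// Server: accept only a challenge it issued, once, before it expires.
function login(publicKeyPem, challenge, signature, now = Date.now()) {
  const expiry = pending.get(challenge);
  pending.delete(challenge); // single use, even when the attempt fails
  if (expiry === undefined) return { ok: false, reason: "unknown-challenge" };
  if (now > expiry) return { ok: false, reason: "expired-challenge" };
  let valid = false;
  try {
    const sig = Buffer.from(signature, "base64");
    valid = crypto.verify("sha256", Buffer.from(challenge), publicKeyPem, sig);
  } catch {
    valid = false; // malformed key or signature counts as a failed login
  }
  if (!valid) return { ok: false, reason: "bad-signature" };
  const firstLogin = !users.has(publicKeyPem);
  if (firstLogin) users.set(publicKeyPem, { createdAt: now });
  return { ok: true, firstLogin };
}

// Constructed key pair standing in for a visitor's wallet.
function newWallet() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  return { privateKey, publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) };
}
```

Because the challenge is deleted on every attempt, a captured signature cannot be replayed, and a signature made over a string the server never issued is rejected before any key is checked.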