Xumm JS/TS SDK

Question

Xumm JS/TS SDK

Closed this issue a year ago · 7 comments

Hey, is there any use case where the jwt token issued_user_token is used in the Xumm SDK?

The documentation is incomplete and as far as I can figure out from it, the jwt token is to be used with the REST APIs. Can it be used with the SDK as well?

Answer 1 · 2023-06-24T21:54:26.000Z

The user_token is already implicitly present in the JWT.

The user_token is only used when you are using the SDK/API in a non-user context. If you obtain a JWT from xApp or OAuth2/PKCE sign in, the sign in and JWT is already issued for a specific user.

If you use the SDK/API with API key and Secret (backend use), you're running in a non-user context. In this case, if you want to send a payload to a specific user, you need the 'User Token' in the payload options.

Answer 2 · 2023-06-24T22:11:54.000Z

Alright, got that. What I'm trying to do is have a Next.js webapp which calls an Express server where I'm using the unified XUMM SDK. Now when someone scans QR code and signs the request, the JWT token is being generated. Now I want to get the user's XRPL wallet address from the JWT, but there's nothing mentioned on the documentation regarding this.
How can I verify the signature for the JWT and get the XRPL wallet address.

Edit:
*Universal XUMM SDK

Answer 3 · 2023-06-24T22:20:02.000Z

If you decode the JWT the account address is in the JWT :) Try pasting the JWT in jwt.io

To verify JWT validity (signature), see:
https://docs.xumm.dev/concepts/authorization

What it comes down to:

OAuth/PKCE JWT = verify based on public certificate info (RS256) https://oauth2.xumm.app/certs
xApps = verify with your own API key secret as JWT secret (HS256) https://docs.xumm.dev/environments/xapps-dapps/your-own-backend-auth

Answer 4 · 2023-06-24T22:35:33.000Z

Okay, jwt.io can't decode the token. I found this, can I use this method to get the wallet address from the JWT?
https://xumm.readme.io/v1.0/docs/sdk-helpers-verifyusertokens

I believe this is exactly what I'm looking for but it's incomplete and I'm kind of confused which is the documentation website:
https://xumm.readme.io/
or https://docs.xumm.dev/

Answer 5 · 2023-06-24T22:45:57.000Z

I think there's some confusion; the user_token is a UUID, not a JWT.

Are you trying to verify the validity of a user token? If so:

https://github.com/XRPL-Labs/XUMM-SDK#sdkverifyusertokensstring--sdkverifyusertokenstring

(Will add this to the list of docs to improve)

Answer 6 · 2023-06-25T15:14:24.000Z

Ah, thanks. Got the crux of it now. I was misinterpreting it I guess.

Answer 7 · 2023-06-25T18:39:43.000Z

Perfect :) Happy to hear it's clear now :)