Xumm JS/TS SDK
Closed this issue · 7 comments
Hey, is there any use case where the JWT token `issued_user_token` is used in the Xumm SDK?
The documentation is incomplete and as far as I can figure out from it, the jwt token is to be used with the REST APIs. Can it be used with the SDK as well?
The `user_token` is already implicitly present in the JWT.
The `user_token` is only used when you are using the SDK/API in a non-user context. If you obtain a JWT from xApp or OAuth2/PKCE sign in, the sign in and JWT are already issued for a specific user.
If you use the SDK/API with API key and Secret (backend use), you're running in a non-user context. In this case, if you want to send a payload to a specific user, you need the 'User Token' in the payload options.
Alright, got that. What I'm trying to do is have a Next.js webapp which calls an Express server where I'm using the unified XUMM SDK. Now when someone scans the QR code and signs the request, the JWT token is being generated. Now I want to get the user's XRPL wallet address from the JWT, but there's nothing mentioned in the documentation regarding this.
How can I verify the signature for the JWT and get the XRPL wallet address?
Edit: *Universal XUMM SDK
If you decode the JWT the account address is in the JWT :) Try pasting the JWT in jwt.io
To verify JWT validity (signature), see:
https://docs.xumm.dev/concepts/authorization
What it comes down to:
- OAuth/PKCE JWT = verify based on public certificate info (RS256) https://oauth2.xumm.app/certs
- xApps = verify with your own API key secret as JWT secret (HS256) https://docs.xumm.dev/environments/xapps-dapps/your-own-backend-auth
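Added example (not part of the original thread, and not Xumm's own code): a minimal server-side check for the xApp case above, verifying an HS256 JWT against your API secret before trusting any claim in it. The `sub` claim as the account address, the helper names and the sample secret, account and token are assumptions constructed for illustration; the OAuth2/PKCE (RS256) case needs the public keys from the certs URL and is not covered here.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Verify an HS256 JWT with `secret` and return its payload; throws on any failure.
function verifyHs256Jwt(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  const [headerB64, payloadB64, signatureB64] = parts;

  // Pin the algorithm: the token's own header must not choose it
  // (rejects "none" and RS256/HS256 confusion).
  const header = b64urlJson(headerB64);
  if (header.alg !== "HS256") throw new Error("unexpected alg: " + header.alg);

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = createHmac("sha256", secret).update(headerB64 + "." + payloadB64).digest();
  const actual = Buffer.from(signatureB64, "base64url");
  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) {
    throw new Error("bad signature");
  }

  // Claims are only read after the signature has been accepted.
  const payload = b64urlJson(payloadB64);
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) {
    throw new Error("token expired"); // a token without exp is rejected too
  }
  return payload;
}

// Assumption: the account address is in the "sub" claim; use the claim your decoded JWT shows.
function accountFromJwt(token, secret, nowSeconds) {
  return verifyHs256Jwt(token, secret, nowSeconds).sub;
}

// Constructed helper that mints sample tokens so the example runs offline.
function signSample(header, payload, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const body = enc(header) + "." + enc(payload);
  return body + "." + createHmac("sha256", secret).update(body).digest("base64url");
}

// Constructed sample values, not real credentials or a real account.
const SAMPLE_SECRET = "constructed-api-secret";
const SAMPLE_ACCOUNT = "rEXAMPLEaccountPLACEHOLDER";
const sampleToken = signSample({ alg: "HS256", typ: "JWT" },
  { sub: SAMPLE_ACCOUNT, exp: 2000000000 }, SAMPLE_SECRET);

console.log(accountFromJwt(sampleToken, SAMPLE_SECRET, 1700000000));
```

Decoding a token in a viewer such as jwt.io only displays its claims; the address should be used server-side only after a check like this one passes.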
Okay, jwt.io can't decode the token. I found this, can I use this method to get the wallet address from the JWT?
https://xumm.readme.io/v1.0/docs/sdk-helpers-verifyusertokens
I believe this is exactly what I'm looking for but it's incomplete and I'm kind of confused which is the documentation website:
https://xumm.readme.io/
or https://docs.xumm.dev/
I think there's some confusion; the user_token is a UUID, not a JWT.
Are you trying to verify the validity of a user token? If so:
https://github.com/XRPL-Labs/XUMM-SDK#sdkverifyusertokensstring--sdkverifyusertokenstring
(Will add this to the list of docs to improve)
Ah, thanks. Got the crux of it now. I was misinterpreting it I guess.
Perfect :) Happy to hear it's clear now :)