Get started with these examples
Create two endpoints — one that issues a server-generated, nonce-bearing sign-in input, and one that verifies the wallet's signed output against it — to support Aptos account authentication to your off-chain backend.
import { Hono } from "hono";
import { deleteCookie, getCookie, setCookie } from "hono/cookie";
import { z } from "zod";
// Router that holds the two Sign In With Aptos routes registered below.
const auth = new Hono();
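/**
 * Step 1 of Sign In With Aptos: issue the input the wallet must sign.
 *
 * The server-generated nonce is the replay guard, so the exact input is
 * pinned in an httpOnly cookie that the callback re-reads and compares
 * against. The cookie is bearer material for the pending login: it is sent
 * only over TLS and expires quickly so a stale challenge cannot be completed
 * later.
 *
 * NOTE(review): the cookie is not integrity-protected (setCookie, not
 * setSignedCookie), so a client that rewrites it can pick its own nonce and
 * replay a previously captured signed output. Consider a signed cookie with a
 * server secret, or server-side storage of issued nonces — confirm what the
 * deployment needs.
 *
 * Responds with `{ data: input }`, the same object the cookie stores.
 */
auth.get("/auth/siwa", (c) => {
  const nonce = generateNonce();
  const input = {
    nonce,
    domain: "myapp.com",
    // NOTE(review): wording reads "Sign into to"; fix the statement text
    // (it is what the user sees and signs).
    statement: "Sign into to get access to this demo application",
  } satisfies AptosSignInInput;
  setCookie(c, "siwa-input", JSON.stringify(input), {
    httpOnly: true,
    sameSite: "lax",
    // Never send the pending challenge over plain HTTP. Browsers treat
    // localhost as a secure context, so local development still works.
    secure: true,
    // Bound the challenge's lifetime (seconds); a nonce older than this
    // cannot be used to finish the sign-in.
    maxAge: 5 * 60,
  });
  return c.json({ data: input });
});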
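/**
 * Shape of the callback request body. The serialized `output` the wallet
 * produces comes from the Aptos SDK and its exact encoding is not visible
 * here; only its presence and a plausible container type are enforced, and
 * structural checks are left to deserializeSignInOutput — TODO confirm
 * against the SDK's serializer.
 */
const siwaCallbackBody = z.object({
  output: z.union([z.string(), z.record(z.string(), z.unknown())]),
});

/** The fields the /auth/siwa endpoint writes into the `siwa-input` cookie. */
const siwaExpectedInput = z.object({
  nonce: z.string().min(1),
  domain: z.string().min(1),
  statement: z.string(),
});

/**
 * Step 2 of Sign In With Aptos: verify the wallet's signed output.
 *
 * The request body is validated here because no validator middleware is
 * registered on this route (c.req.valid("json") would be undefined without
 * one). The pending challenge cookie is consumed as soon as it is read, so a
 * captured output cannot be retried against the same nonce, and the message is
 * compared against the server-pinned input rather than whatever the client
 * echoed back.
 *
 * Responses: 400 with an `error` code for a malformed body, a missing or
 * unparsable challenge cookie, an undeserializable output, or a failed
 * signature/message check; `{ data: true }` on success.
 */
auth.post("/auth/siwa/callback", async (c) => {
  const rawBody: unknown = await c.req.json().catch(() => undefined);
  const body = siwaCallbackBody.safeParse(rawBody);
  if (!body.success) return c.json({ error: "invalid_body" }, 400);

  const cookieValue = getCookie(c, "siwa-input");
  if (!cookieValue) return c.json({ error: "input_not_found" }, 400);
  // Single use: clear the challenge whether or not verification succeeds.
  deleteCookie(c, "siwa-input");

  // The cookie is client-writable, so its contents are validated like any
  // other input instead of being cast straight from JSON.parse.
  let storedInput: unknown;
  try {
    storedInput = JSON.parse(cookieValue);
  } catch {
    return c.json({ error: "input_invalid" }, 400);
  }
  const expected = siwaExpectedInput.safeParse(storedInput);
  if (!expected.success) return c.json({ error: "input_invalid" }, 400);

  // Deserialization of attacker-controlled bytes may throw; map that to a
  // client error rather than a 500.
  let deserializedOutput;
  try {
    deserializedOutput = deserializeSignInOutput(body.data.output);
  } catch {
    return c.json({ error: "invalid_output" }, 400);
  }

  // Check the signature before the message so a forged output is rejected
  // without revealing anything about the expected input.
  const signatureVerification = await verifySignInSignature(deserializedOutput);
  if (!signatureVerification.valid) {
    return c.json({ error: signatureVerification.errors.join(", ") }, 400);
  }

  const messageVerification = await verifySignInMessage({
    input: deserializedOutput.input,
    expected: expected.data,
    publicKey: deserializedOutput.publicKey,
  });
  if (!messageVerification.valid) {
    return c.json({ error: messageVerification.errors.join(", ") }, 400);
  }

  // ... Generate and store a session for the user
  return c.json({ data: true });
});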