Get started with these examples
Create two endpoints that let an Aptos account authenticate to your off-chain backend.
import { Hono } from "hono";
import { deleteCookie, getCookie, setCookie } from "hono/cookie";
import { z } from "zod";
// Router holding the two sign-in endpoints registered below.
const auth = new Hono();
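/**
 * GET /auth/siwa — issue the expected sign-in input for one attempt.
 *
 * The nonce is generated server-side and returned to the client so the
 * wallet can embed it in the signed message; the same input is kept in an
 * httpOnly cookie so the callback can check the message against a value
 * the client never had write access to.
 */
auth.get("/auth/siwa", (c) => {
  // One fresh nonce per attempt; the callback compares the signed message
  // against this stored input, which is what ties a signature to this request.
  const nonce = generateNonce();
  const input = {
    nonce,
    statement: "Sign into to get access to this demo application",
  } satisfies AptosSignInInput;
  setCookie(c, "siwa-input", JSON.stringify(input), {
    httpOnly: true,
    sameSite: "lax",
    // Keep the expected input off plain-http transports; relax this only for
    // local development that is not served over https.
    secure: true,
    // Bound how long an unused nonce stays acceptable (seconds).
    maxAge: 5 * 60,
  });
  return c.json({ data: input });
});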
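/**
 * POST /auth/siwa/callback — verify the wallet's sign-in output.
 *
 * Order of checks: the stored input must exist (and is consumed immediately
 * so it is single-use), the output must deserialize, the signature must be
 * valid, and the signed message must match the stored input for this
 * backend's domain. Every failure is a 400 with a short error string; only
 * then is a session created for the user.
 */
auth.post(
  "/auth/siwa/callback",
  // NOTE(review): `c.req.valid("json")` is only populated when a body
  // validator (the unused `z` import suggests a zod-backed one) is registered
  // on this route before the handler; the listing does not show it.
  async (c) => {
    const { output } = c.req.valid("json");
    const input = getCookie(c, "siwa-input");
    if (!input) return c.json({ error: "input_not_found" }, 400);
    // Single-use nonce: clear the stored input as soon as it is read, so a
    // captured output cannot be replayed against the same expected input and
    // a retry has to start over from GET /auth/siwa.
    deleteCookie(c, "siwa-input");

    // A malformed body must not surface as an unhandled 500.
    let deserializedOutput: ReturnType<typeof deserializeSignInOutput>;
    try {
      deserializedOutput = deserializeSignInOutput(output);
    } catch {
      return c.json({ error: "invalid_output" }, 400);
    }

    // The original listing used `signatureVerification` without defining it;
    // the signature check is assumed to be verifySignInSignature from the same
    // SIWA package as verifySignInMessage — confirm the name against its exports.
    const signatureVerification = verifySignInSignature(deserializedOutput);
    if (!signatureVerification.valid) {
      return c.json(
        { error: `${signatureVerification.errors.join(", ")}` },
        400,
      );
    }

    // The cookie is httpOnly, but a corrupt value should still fail closed.
    let expectedInput: AptosSignInInput;
    try {
      expectedInput = JSON.parse(input) as AptosSignInInput;
    } catch {
      return c.json({ error: "input_not_found" }, 400);
    }
    // Compare the signed message against what this server handed out,
    // pinned to this backend's own domain rather than whatever the message claims.
    const messageVerification = verifySignInMessage(
      { ...expectedInput, domain: FRONTEND_URL },
      deserializedOutput.message,
    );
    if (!messageVerification.valid) {
      return c.json({ error: `${messageVerification.errors.join(", ")}` }, 400);
    }

    // ... Generate and store a session for the user
    return c.json({ data: true });
  },
);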