User authentication

If you want to ensure that a multisig that accesses your app is being used by a member

On a normal dapp, a user might need to sign a message with their private key to gain access. This involves having an EOA and a wallet, and signing a message. The signed message is then usually checked against the wallet declared to the app to authenticate the user.

Since nomos multisigs are smart contracts, this workflow is not possible. But there are other ways to check whether the user is a member of the contract.

Recall the check for whether the user is accessing your app through nomos. You would use a condition like this:

const isIframe = window !== window.parent; // check if it's an iframe
const client = isIframe
  ? await SigningNomosClient.connectWithSigner(network.rpc, offlineSigner) // use our provider
  : await SigningCosmWasmClient.connectWithSigner(network.rpc, offlineSigner); // use cosmos provider

We can extend this check into a separate flow for your authentication process. It goes like this:

1 - Getting the user's EOA signature: This is accessible from our nomos providers through the methods sign, signDirect and signAmino. You can use any of these to sign a message defined by you.

2 - Getting the multisig members: You already have the multisig address when getting the user account from our provider.

3 - Checking the signature against those members: You only need to query the multisig members and check the signature against them. If there's a match between the signature creator and one of the members, then you're done!

Now let's show an example:

// Signs a message you define with the user's EOA key
const sign = async (provider: SigningCosmWasmClient) => {
    // your signature logic using provider.sign
};

const accounts = await offlineSigner.getAccounts();
// `account` is an address string in both branches
const account = isIframe ? (await archClient.getAccount(""))?.address : accounts[0].address;
let isValidSignature = false;

if (isIframe) {
    const signature = await sign(cosmClient);
    const members = await cosmClient.queryContractSmart(
        account, // the multisig address
        { "get_members": [] }
    );
    // valid if any one of the multisig members created the signature
    // (verifySignature is your own helper, not defined on this page)
    isValidSignature = members.members.some((memberAddr) =>
        verifySignature(signature, memberAddr)
    );
} else {
    const signature = await sign(cosmClient);
    isValidSignature = verifySignature(signature, account);
}

// rest of logic
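
The same three steps can run on a backend, where the client cannot change the outcome. This is an added example, not nomos code, and it goes one step further than the snippet above by having the server define the signed message as a single-use challenge bound to the multisig address. Assumptions: `issueChallenge`, `authenticate`, `addressOf`, `makeWallet` and `getMembers` are hypothetical names, `addressOf` is a stand-in for real address derivation, the member list is constructed, and Node's built-in crypto module plays the role of the wallet's signing call.

```javascript
const nodeCrypto = require("node:crypto");

// Stand-in for real address derivation (bech32 of the hashed public key); assumption.
const addressOf = (pubDer) =>
  "member-" + nodeCrypto.createHash("sha256").update(pubDer).digest("hex").slice(0, 16);

const pending = new Map(); // nonce -> multisig the challenge was issued for

// The server defines the message: a fresh nonce bound to one multisig address.
function issueChallenge(multisig) {
  const nonce = nodeCrypto.randomBytes(16).toString("hex");
  pending.set(nonce, multisig);
  return `login:${multisig}:${nonce}`;
}

// Steps 1-3: check the EOA signature, then require the signer to be a member.
// getMembers stands in for the get_members contract query (hypothetical helper).
function authenticate({ message, signature, pubDer }, getMembers) {
  const [tag, multisig, nonce] = message.split(":");
  if (tag !== "login" || !pending.has(nonce) || pending.get(nonce) !== multisig) return false;
  pending.delete(nonce); // single use, so a captured proof cannot be replayed
  let key;
  try { key = nodeCrypto.createPublicKey({ key: pubDer, format: "der", type: "spki" }); }
  catch { return false; }
  if (!nodeCrypto.verify("sha256", Buffer.from(message), key, signature)) return false;
  return getMembers(multisig).includes(addressOf(pubDer));
}

// Constructed secp256k1 key pair playing the role of a user's EOA wallet.
function makeWallet() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const pubDer = publicKey.export({ type: "spki", format: "der" });
  const sign = (message) =>
    ({ message, pubDer, signature: nodeCrypto.sign("sha256", Buffer.from(message), privateKey) });
  return { address: addressOf(pubDer), sign };
}

function demo() {
  const multisig = "multisig-placeholder"; // constructed, not a real address
  const member = makeWallet(), outsider = makeWallet();
  const getMembers = (addr) => (addr === multisig ? [member.address] : []);
  const proof = member.sign(issueChallenge(multisig));
  return {
    memberAccepted: authenticate(proof, getMembers),
    replayRejected: !authenticate(proof, getMembers),
    outsiderRejected: !authenticate(outsider.sign(issueChallenge(multisig)), getMembers),
    unknownNonceRejected: !authenticate(member.sign(`login:${multisig}:00`), getMembers),
  };
}
console.log(demo());
```

The outsider's signature is cryptographically valid, and it is the membership lookup that rejects it, which is why step 3 cannot be skipped.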
