Signing
Aptos message signatures are commonly used for login authentication, proof of address ownership, and off-chain authorization. Include a nonce, application information, and any other necessary context in the message to prevent signature replay.
Approve msg
The following example asks the user to sign a login message:
const message = "Welcome to MyApp!\n\nClick to sign in.\n\nNonce: demo-nonce-001";
const requestResult = await provider.signMessage({
  message,
  nonce: "demo-nonce-001", // Nonce used to prevent replay
});
console.log({
  signature: requestResult.signature, // Note: Hexadecimal encoded signature
  fullMessage: requestResult.fullMessage, // Note: Complete signed message
  prefix: requestResult.prefix, // Note: Message prefix used for signing
});
Message options
const requestResult = await provider.signMessage({
  message: "Aptos sample message",
  nonce: "demo-nonce-value",
  address: true, // Note: Include address in message
  application: true, // Note: Contains application information
  chainId: true, // Note: Contains chain ID
});
Off-chain signature verification
import nacl from "tweetnacl";

const { signature, fullMessage } = await provider.signMessage({
  message: "Aptos sample message",
  nonce: "demo-nonce-value",
});
const account = await provider.account();

// Strip the leading "0x" and decode the hex strings to bytes
const pubKeyBytes = Buffer.from(account.publicKey.slice(2), "hex");
const signatureBytes = Buffer.from(signature.slice(2), "hex");
// The wallet signs fullMessage (prefix plus included fields), not the bare message
const messageBytes = Buffer.from(fullMessage);

const isValid = nacl.sign.detached.verify(
  messageBytes,
  signatureBytes,
  pubKeyBytes,
);
console.log("Signature check passed:", isValid);
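The check above only proves that the key signed fullMessage. As an added example (not code from this page or from the wallet), here is a Node.js backend login check that also enforces a single-use nonce, ties the public key to the claimed address, and rebuilds the signed text from server-side values. The fullMessage layout, the address derivation for an unrotated single-key Ed25519 account, and all function names, URLs and values are assumptions.

```javascript
// Added example, not the wallet's own code. Layout and derivation are assumptions.
const nodeCrypto = require("crypto");
const SPKI_ED25519 = Buffer.from("302a300506032b6570032100", "hex"); // DER header for a raw key
const unhex = (s) => Buffer.from(s.replace(/^0x/, ""), "hex");
const issued = new Map(); // nonce -> expiry in ms; use a shared store in production

// Assumed fullMessage layout: "APTOS" prefix, then one "key: value" line per field.
function fullMessageFor({ address, application, chainId, message, nonce }) {
  return ["APTOS", `address: ${address}`, `application: ${application}`,
    `chainId: ${chainId}`, `message: ${message}`, `nonce: ${nonce}`].join("\n");
}

// Assumed single-key Ed25519 account, no key rotation: sha3-256(pubkey || 0x00).
function addressOf(pub) {
  const hash = nodeCrypto.createHash("sha3-256").update(pub).update(Buffer.from([0]));
  return "0x" + hash.digest("hex");
}

function issueNonce(ttlMs = 300000) {
  const nonce = nodeCrypto.randomBytes(16).toString("hex");
  issued.set(nonce, Date.now() + ttlMs);
  return nonce;
}

// req comes from the client; server holds the values this backend expects.
function verifyLogin(req, server) {
  const expiry = issued.get(req.nonce);
  issued.delete(req.nonce); // burn the nonce even if a later check fails
  if (!expiry || expiry < Date.now()) return "bad-nonce";
  const pub = unhex(req.publicKey);
  if (pub.length !== 32 || addressOf(pub) !== req.address) return "address-mismatch";
  const der = Buffer.concat([SPKI_ED25519, pub]);
  const key = nodeCrypto.createPublicKey({ key: der, format: "der", type: "spki" });
  // Verify the text rebuilt from server values, not a client-supplied fullMessage.
  const text = fullMessageFor({ ...server, address: req.address, nonce: req.nonce });
  return nodeCrypto.verify(null, Buffer.from(text), key, unhex(req.signature)) ? "ok" : "bad-signature";
}

// Constructed demo: a throwaway key pair stands in for the wallet.
function demo(signedApp = "https://myapp.example") {
  const server = { application: "https://myapp.example", chainId: 1, message: "Sign in to MyApp" };
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const pub = publicKey.export({ format: "der", type: "spki" }).subarray(-32);
  const address = addressOf(pub), nonce = issueNonce();
  const signed = fullMessageFor({ ...server, application: signedApp, address, nonce });
  const signature = "0x" + nodeCrypto.sign(null, Buffer.from(signed), privateKey).toString("hex");
  const req = { address, publicKey: "0x" + pub.toString("hex"), signature, nonce };
  return [verifyLogin(req, server), verifyLogin(req, server)]; // second call is a replay
}
```

Calling demo() returns the result of a valid login followed by a replay of the same request; passing a different origin to demo() models a signature that was produced for another application.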
AIP login process
If your project uses the Aptos standardized login process, you can use signIn:
const signInInput = {
  // Note: Login inputs
};
const callResult = await provider.signIn(signInInput);
console.log({
  address: callResult.address,
  publicKey: callResult.publicKey,
  signature: callResult.signature,
});
Handle Errors
try {
  await provider.signMessage({ message: "Hello", nonce: "123" });
} catch (error) {
  switch (error.code) {
    case 4001:
      console.log("The user declined the request");
      break;
    case 4100:
      console.log("Not authorized - wallet is locked");
      break;
    case 4200:
      console.log("This method is not supported");
      break;
    default:
      console.error("Operation error:", error.message);
  }
}