{"id":18488549,"url":"https://github.com/bytesbay/web3-token","last_synced_at":"2025-04-08T21:30:37.597Z","repository":{"id":38796861,"uuid":"410590155","full_name":"bytesbay/web3-token","owner":"bytesbay","description":"Web3 Token is a new way to authenticate users in a hybrid dApps using signed messages. Implementation of EIP-4361.","archived":false,"fork":false,"pushed_at":"2023-04-18T18:57:42.000Z","size":9860,"stargazers_count":376,"open_issues_count":9,"forks_count":51,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-14T00:53:00.240Z","etag":null,"topics":["authentication","eip-4361","ethereum","jwt","nodejs","web3"],"latest_commit_sha":null,"homepage":"","language":"Vue","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bytesbay.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-26T15:32:17.000Z","updated_at":"2025-02-07T15:41:12.000Z","dependencies_parsed_at":"2024-06-18T14:45:36.584Z","dependency_job_id":"b5b9eae8-13c6-42ee-a7f0-bf3126d0ecf5","html_url":"https://github.com/bytesbay/web3-token","commit_stats":{"total_commits":72,"total_committers":8,"mean_commits":9.0,"dds":0.4722222222222222,"last_synced_commit":"d9b8698e0d50eb1619db38dea668c2a8290b1357"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytesbay%2Fweb3-token","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytesbay%2Fweb3-token/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytesbay%2Fweb3-token/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytesbay%2Fweb3-token/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bytesbay","download_url":"https://codeload.github.com/bytesbay/web3-token/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247470897,"owners_count":20944149,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","eip-4361","ethereum","jwt","nodejs","web3"],"created_at":"2024-11-06T12:51:54.095Z","updated_at":"2025-04-08T21:30:37.587Z","avatar_url":"https://github.com/bytesbay.png","language":"Vue","readme":"![Project Presentation](https://github.com/bytesbay/web3-token/raw/main/resources/logo.jpg \"Web3 Token\")\n\n# Web3 Token\n\nWeb3 Token is a new way to authenticate users. See [this article](https://medium.com/@bytesbay/you-dont-need-jwt-anymore-974aa6196976) for more info. Implementation of [EIP-4361](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4361.md).\n\n**[🕹 Demo](https://web3token.dev)**\n\n## Version 0.2 updates 🎉\n- I'm now 90% following [EIP-4361](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4361.md). Why 90%? Because i don't like some things in that standard that makes it more difficult to use it for developers.\n- `body` (3rd parameter) is now deprecated.\n\n## Version 1.0 updates 🥂\n- Package codebase moved to Typescript\n\n---\n## Install\n\nWith [web3](https://www.npmjs.com/package/web3) package:\n\n```bash\n$ npm i web3-token web3\n```\n\nor with [ethers](https://www.npmjs.com/package/ethers) package:\n\n```bash\n$ npm i web3-token ethers\n```\n\n---\n\n## Example usage (Client side)\n\nUsing [Web3](https://www.npmjs.com/package/web3) package:\n\n```js\nimport Web3 from 'web3';\nimport Web3Token from 'web3-token';\n\n// Connection to MetaMask wallet\nconst web3 = new Web3(ethereum);\nawait ethereum.request({ method: 'eth_requestAccounts'});\n\n// getting address from which we will sign message\nconst address = (await web3.eth.getAccounts())[0];\n\n// generating a token with 1 day of expiration time\nconst token = await Web3Token.sign(msg =\u003e web3.eth.personal.sign(msg, address), '1d');\n\n// attaching token to authorization header ... for example\n```\n\nUsing [Ethers](https://www.npmjs.com/package/ethers) package:\n\n```js\nimport { ethers } from \"ethers\";\nimport Web3Token from 'web3-token';\n\n// Connection to MetaMask wallet\nconst provider = new ethers.providers.Web3Provider(window.ethereum);\nconst signer = provider.getSigner();\n\n// generating a token with 1 day of expiration time\nconst token = await Web3Token.sign(async msg =\u003e await signer.signMessage(msg), '1d');\n\n// attaching token to authorization header ... for example\n```\n\n---\n\n## Example usage (Server side)\n```js\nconst Web3Token = require('web3-token');\n\n// getting token from authorization header ... for example\nconst token = req.headers['Authorization']\n\nconst { address, body } = await Web3Token.verify(token);\n\n// now you can find that user by his address \n// (better to do it case insensitive)\nreq.user = await User.findOne({ address });\n```\n\n---\n\n## Handle exceptions\n\n```js\nconst generateToken = async () =\u003e {\n  if (!window.ethereum) {\n    return console.log('Please install and activate the metamask extension!');\n  }\n\n  const provider = new ethers.providers.Web3Provider(window.ethereum);\n  const signer = provider.getSigner();\n\n  try {\n    return await Web3Token.sign(async msg =\u003e {\n      try {\n        return await signer.signMessage(msg);\n      }\n      catch (err) {\n        const { reason } = err;\n        if (reason === \"unknown account #0\") {\n          return console.log('Have you unlocked metamask and are connected to this page?')\n        }\n\n        console.log(err.toString());\n      }\n    }, '1d');\n  }\n  catch (err) {\n    if (/returns a signature/.test(err.toString())) {\n      return;\n    }\n    console.log(err.toString());\n  }\n}\n```\n\n## Advanced usage with options (Client\u0026Server side)\n```js\n\n// I assume here a lot of things to be imported 😀\n\nconst token = await Web3Token.sign(async msg =\u003e await signer.signMessage(msg), {\n  domain: 'worldofdefish.com',\n  statement: 'I accept the WoD Terms of Service: https://service.org/tos',\n  expires_in: '3 days',\n  // won't be able to use this token for one hour\n  not_before: new Date(Date.now() + (3600 * 1000)),\n  nonce: 11111111,\n});\n\nconst { address, body } = await Web3Token.verify(token, {\n  // verify that received token is signed only for our domain\n  domain: 'worldofdefish.com'\n});\n\n```\n\n---\n\n## API\n\n### sign(signer, options)\nName | Description | Required | Example\n--- | --- | --- | ---\n`signer` | A function that returns a promise with signature string eg: web3.personal.sign(`data`, `address`) | `required` | `(body) =\u003e web3.personal.sign(body, '0x23..1234')`\n`options` | An options object or, if passed a string, will be used as an `expires_in` option | `optional` (default: `'1d'`) | `{}` or `'1 day'`\n`options.expires_in` | A string that represents a time span ([see ms module](https://github.com/vercel/ms)) or a number of milliseconds | `optional` (default: `1d`) | `'1 day'`\n`options.not_before` | A date after which the token becomes usable | `optional` | `new Date('12-12-2012')`\n`options.expiration_time` | A date till when token is valid. Overwrites `expires_in` parameter | `optional` | `new Date('12-12-2012')`\n`options.statement` | A human-readable ASCII assertion that the user will sign, and it must not contain `'\\n'` | `optional` | `'I accept the ServiceOrg Terms of Service: https://service.org/tos'`\n`options.domain` | Authority that is requesting the signing. | `optional`(Unless verifier won't ask for it) | `'example.com'`\n`options.nonce` | A token used to prevent replay attacks, at least 8 alphanumeric characters. | `optional` | `12345678`\n`options.request_id` | A system-specific identifier that may be used to uniquely refer to the sign-in request. | `optional` | `231`\n\n\n### verify(token, options)\nName | Description | Required | Example\n--- | --- | --- | ---\n`token` | A token string that is generated from `sign()` | `required` | `...`\n`options` | An options object | `optional` | `{ domain: 'example.com' }`\n`options.domain` | The domain you want to accept | `optional` | `'example.com'`\n\n---\n\n## License\nWeb3 Token is released under the MIT license. © 2023 Miroslaw Shpak\n","funding_links":[],"categories":["Vue"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytesbay%2Fweb3-token","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbytesbay%2Fweb3-token","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytesbay%2Fweb3-token/lists"}