README, more remarks

MoralisDotNet/Moralis.AuthApi/Models/ChallengeRequestDto.cs

@@ -6,38 +6,65 @@ namespace Moralis.AuthApi.Models
 {
     public class ChallengeRequestDto
     {
+        /// <summary>
+        /// The RFC 3986 authority that is requesting the signing
+        /// </summary>
         [DataMember(Name = "domain", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "domain")]
         public string Domain { get; set; }
 
+        /// <summary>
+        /// The EIP-155 Chain ID to which the session is bound, and the network where Contract Accounts MUST be resolved.
+        /// </summary>
         [DataMember(Name = "chainId", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "chainId")]
         public long ChainId { get; set; }
 
+        /// <summary>
+        /// The Ethereum address performing the signing conformant to capitalization encoded checksum specified in EIP-55 where applicable.
+        /// </summary>
         [DataMember(Name = "address", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "address")]
         public string Address { get; set; }
 
+        /// <summary>
+        /// A human-readable ASCII assertion that the user will sign, and it must not contain '\n' (the byte 0x0a).
+        /// </summary>
         [DataMember(Name = "statement", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "statement")]
         public string Statement { get; set; }
 
+        /// <summary>
+        /// An RFC 3986 URI referring to the resource that is the subject of the signing (as in the subject of a claim).
+        /// </summary>
         [DataMember(Name = "uri", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "uri")]
         public string Uri { get; set; }
 
+        /// <summary>
+        /// The ISO 8601 datetime string that, if present, indicates when the signed authentication message is no longer valid.
+        /// </summary>
         [DataMember(Name = "expirationTime", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "expirationTime")]
         public DateTime? ExpirationTime { get; set; }
 
+        /// <summary>
+        /// The ISO 8601 datetime string that, if present, indicates when the signed authentication message will become valid.
+        /// </summary>
         [DataMember(Name = "notBefore", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "notBefore")]
         public DateTime? NotBefore { get; set; }
 
+        /// <summary>
+        /// A list of information or references to information the user wishes to have resolved as part of authentication by the relying party. They are expressed as RFC 3986 URIs separated by "\n- " where \n is the byte 0x0a.
+        /// </summary>
         [DataMember(Name = "resources", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "resources")]
         public string[] Resources { get; set; }
 
+        /// <summary>
+        /// Time is seconds at which point this request becomes invalid.
+        /// </summary>
         [DataMember(Name = "timeout", EmitDefaultValue = false)]
         [JsonProperty(PropertyName = "timeout")]
         public long Timeout { get; set; }

MoralisDotNet/Moralis.csproj

@@ -19,6 +19,7 @@
     <RepositoryType>git</RepositoryType>
     <GenerateDocumentationFile>True</GenerateDocumentationFile>
     <PackageReleaseNotes>Updated BETA version of Moralis Authentication 2.0.</PackageReleaseNotes>
+    <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
 
   <ItemGroup>
@@ -36,6 +37,10 @@
   </ItemGroup>
 
   <ItemGroup>
+    <None Include="..\README.md">
+      <Pack>True</Pack>
+      <PackagePath>\</PackagePath>
+    </None>
     <None Include="LICENSE.txt">
       <Pack>True</Pack>
       <PackagePath></PackagePath>

README.md

@@ -33,7 +33,69 @@ ServerConnectionData conData = new ServerConnectionData()
 ```
 
 ## Authentication
+Authentication flow is accomplished through the Moralis SDK AuthenticationApi but starts in a client application.
+![Demo](gifs/authentication_flow.gif)
+1. Client Application calls the custom backend server application that contains the Moralis C# SDK.
+2. Server App creates a `Moralis.AuthApi.Models.ChallengeRequestDto` request object:
+```
+ChallengeRequestDto req = new ChallengeRequestDto()
+{
+    // The Ethereum address performing the signing conformant to capitalization encoded
+    // checksum specified in EIP-55 where applicable.
+    Address = addr,
+    // The EIP-155 Chain ID to which the session is bound, and the network where Contract
+    // Accounts MUST be resolved.
+    ChainId = 80001,
+    // The RFC 3986 authority that is requesting the signing
+    Domain = "1155project.com",
+    // The ISO 8601 datetime string that, if present, indicates when the signed
+    // authentication message is no longer valid.
+    ExpirationTime = DateTime.UtcNow.AddMinutes(60),
+    // The ISO 8601 datetime string that, if present, indicates when the signed
+    // authentication message will become valid.
+    NotBefore = DateTime.UtcNow,
+    // A list of information or references to information the user wishes to have resolved
+    // as part of authentication by the relying party. They are expressed as RFC 3986 URIs
+    // separated by "\n- " where \n is the byte 0x0a.
+    Resources = new string[] { "https://www.1155project.com" },
+    // Time is seconds at which point this request becomes invalid.
+    Timeout = 120,
+    // A human-readable ASCII assertion that the user will sign, and it must not
+    // contain '\n' (the byte 0x0a).
+    Statement = "Please confirm",
+    // An RFC 3986 URI referring to the resource that is the subject of the signing
+    // (as in the subject of a claim).
+    Uri = "https://1155project.com/"
+};
+```
+3. Call the `Challenge` operation of the `AuthenticationApi.AuthEndpoint` and return the response to the calling application.
+```
+resp = await MoralisClient.AuthenticationApi.AuthEndpoint.Challenge(req, ChainNetworkType.evm);
+
+return resp;
+```
+4. Calling application signs the provided message and sends the signature back to the server application.
+5. The Server application sends the signature to Moralis for Authentication via the `CompleteChallenge` operation of the `AuthenticationApi.AuthEndpoint`. Start by creating a `ChallengCompleteRequestDTO` request object using the signature returned by the client application and the message sent to be signed. It is important that the exact message signed is returned via this request.
+```
+CompleteChallengeRequestDto completeReq = new CompleteChallengeRequestDto()
+{
+	Message = clientRequest.Message,
+	Signature = clientRequest.Signature
+};
+
+CompleteChallengeResponseDto completeResp = await MoralisClient.AuthenticationClient.AuthEndpoint.CompleteChallenge(completeReq, ChainNetworkType.evm);
 
+// ---------------------------------------------------------------------------------
+// Here is where you would save authentication information to the database.
+// ---------------------------------------------------------------------------------
+
+// ---------------------------------------------------------------------------------
+// Here is where you would generate a JWT or other authentication response object.
+// ---------------------------------------------------------------------------------
+
+// Return custom authentication response here.
+```
+6. Handle the response from Moralis and create and return your custom authentication response.
 
 # 🏗 Ethereum Web3Api Methods