Do we verify the Signature?

[gavinharris-dev]

Does the code currently verify the authenticity of the signed message in any way? I can see that we are ensuring that the token is correctly formed but are we checking if the signature provided is a signature for this token?

[pyropy]

No there is no code for signature checking currently in place.

[gavinharris-dev]

Okay cool; I will investigate as this would be important to try preventing spoofing of a token

[pierre-andre-long]

Thanks for this update, i implemented it and it works fine until I changed the implementation of the cardano api call to the new one, check #5 .

[gavinharris-dev]

Yeah I need to rework the way that I am integrating with the Wallet; CIP-30 changed this process to be more generic.

[gavinharris-dev]

I've updated my fork to handle the updated 'signData' api response. It was a little different to just returning a 'string' output.