Skip to main content

Sign arbitrary messages

tip

If you want to authenticate a user, please refer to the Sign-In with Ethereum page.

This article explains how to request a signature from the LUKSO browser extension.

Example of Sign-In with Ethereum screen

1. Initialize a blockchain provider

The browser extension injects a global API into the website that is visited. This API is available under window.ethereum. You can use this object to initialise your web3.js or Ethers.js library.

import { ethers } from 'ethers';

const etherProvider = new ethers.providers.Web3Provider(window.ethereum);

2. Get the Universal Profile address

A call to requestAccounts will open the extension popup and prompt the user to select her or his Universal Profile to interact with your Dapp. The LUKSO browser extension will send the Universal Profile address back to your Dapp (which is the address of the LSP0 - ERC725 Account smart contract).

const accountsRequest = await etherProvider.send('eth_requestAccounts', []);
const signer = etherProvider.getSigner();
const upAddress = await signer.getAddress();
// 0x3E39275Ed3B370E074534edeE13a166512AD32aB

3. Sign the message

Once you have access to the Universal Profile address, you can request a signature. The browser extension will sign the message with the controller key used by the extension (a smart contract can't sign).

caution

When calling Ethers.js signer.signMessage( message ), it uses personal_sign RPC call under the hood. However, our extension only supports the latest version of eth_sign. Therefore, you need to use provider.send("eth_sign", [upAddress, message]) instead.

You can get more information here and here.

const message = 'Please sign this message 😊';
const signature = await etherProvider.send('eth_sign', [upAddress, message]);
// 0x38c53...

4. Verify the signature

Your Dapp has now received a message signed by the controller address of the Universal Profile. To finalise the login, you need to verify if the message was signed by an address which has the SIGN permission for this Universal Profile.

The verification process is the same as for Sign-In with Ethereum, you can check how it is done there.