From 3cac85306c3b018677f3f6720053b0cc96a2ac1e Mon Sep 17 00:00:00 2001 From: Wilson Cusack Date: Tue, 22 Jul 2025 13:00:27 -0400 Subject: [PATCH 1/3] update auth guide --- .../guides/authenticate-users.mdx | 33 +++++++++++++------ 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/docs/base-account/guides/authenticate-users.mdx b/docs/base-account/guides/authenticate-users.mdx index bcb58132..22859893 100644 --- a/docs/base-account/guides/authenticate-users.mdx +++ b/docs/base-account/guides/authenticate-users.mdx @@ -22,10 +22,14 @@ sequenceDiagram participant SDK participant Account - User->>Browser: Click "Sign in with Base" - Browser->>AppServer: GET /auth/nonce - AppServer-->>Browser: nonce + alt Generate locally + Browser->>Browser: randomNonce() + else Prefetch + Browser->>AppServer: GET /auth/nonce (on page load) + AppServer-->>Browser: nonce + end + User->>Browser: Click "Sign in with Base" Browser->>SDK: wallet_connect(signInWithEthereum {nonce}) SDK->>Account: wallet_connect(...) User->>Account: Approve connection @@ -47,12 +51,15 @@ sequenceDiagram ```ts Browser (SDK) import { createBaseAccountSDK } from "@base-org/account"; +import crypto from 'crypto'; -// Initialise the SDK (no config needed for defaults) +// Initialize the SDK (no config needed for defaults) const provider = createBaseAccountSDK().getProvider(); -// 1 — fetch a nonce from your backend -const nonce = await fetch('/auth/nonce').then(r => r.text()); +// 1 — get a fresh nonce (generate locally or prefetch from backend) +const nonce = crypto.randomUUID().replace(/-/g, ''); +// OR prefetch from server +// const nonce = await fetch('/auth/nonce').then(r => r.text()); // 2 — connect and authenticate try { @@ -61,7 +68,7 @@ try { params: [{ version: '1', capabilities: { - signInWithEthereum: { nonce, chainId: '0x1' } + signInWithEthereum: { nonce, chainId: '0x2105' } } }] }); @@ -96,9 +103,15 @@ export async function verifySig(req, res) { If using the above code beyond Base Account, note that not every wallet supports the new [wallet_connect method](https://eips.ethereum.org/EIPS/eip-7846) yet. If the call throws method_not_supported, fall back to using eth_requestAccounts and personal_sign. + +To avoid [popup blockers](/base-account/more/troubleshooting/usage-details/popups#default-blocking-behavior), fetch or generate the nonce before the user presses "Sign in with Base" (for example on page load). For security, the only requirement is that your backend keeps track of every nonce and refuses any that are reused – regardless of where it originated. + + +{/* +TODO: Link Wagmi Sign in with Base guide For a full React example see the React + Wagmi guide. - + */} ### Example Express Server @@ -146,10 +159,10 @@ app.listen(3001, () => console.log('Auth server listening on :3001')); Use the pre-built component for a native look-and-feel: -```tsx title="Checkout.tsx" +```tsx title="App.tsx" import { SignInWithBaseButton } from '@base-org/account-ui/react'; -export function Checkout() { +export function App() { return ( Date: Tue, 22 Jul 2025 13:01:39 -0400 Subject: [PATCH 2/3] clarify chain id --- docs/base-account/guides/authenticate-users.mdx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/base-account/guides/authenticate-users.mdx b/docs/base-account/guides/authenticate-users.mdx index 22859893..8607f429 100644 --- a/docs/base-account/guides/authenticate-users.mdx +++ b/docs/base-account/guides/authenticate-users.mdx @@ -68,7 +68,10 @@ try { params: [{ version: '1', capabilities: { - signInWithEthereum: { nonce, chainId: '0x2105' } + signInWithEthereum: { + nonce, + chainId: '0x2105' // Base Mainnet - 8453 + } } }] }); From 6208addb451bce62d064fc9848d2e6d1114479e8 Mon Sep 17 00:00:00 2001 From: youssefea Date: Tue, 22 Jul 2025 18:38:17 +0100 Subject: [PATCH 3/3] add link and change crypto --- docs/base-account/guides/authenticate-users.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/base-account/guides/authenticate-users.mdx b/docs/base-account/guides/authenticate-users.mdx index 8607f429..0af450d2 100644 --- a/docs/base-account/guides/authenticate-users.mdx +++ b/docs/base-account/guides/authenticate-users.mdx @@ -57,7 +57,7 @@ import crypto from 'crypto'; const provider = createBaseAccountSDK().getProvider(); // 1 — get a fresh nonce (generate locally or prefetch from backend) -const nonce = crypto.randomUUID().replace(/-/g, ''); +const nonce = window.crypto.randomUUID().replace(/-/g, ''); // OR prefetch from server // const nonce = await fetch('/auth/nonce').then(r => r.text()); @@ -103,7 +103,7 @@ export async function verifySig(req, res) { -If using the above code beyond Base Account, note that not every wallet supports the new [wallet_connect method](https://eips.ethereum.org/EIPS/eip-7846) yet. If the call throws method_not_supported, fall back to using eth_requestAccounts and personal_sign. +If using the above code beyond Base Account, note that not every wallet supports the new [wallet_connect method](/base-account/reference/core/provider-rpc-methods/wallet_connect) yet. If the call throws [method_not_supported], fall back to using eth_requestAccounts and personal_sign.