Here is the frontend example that goes with this backend.
The authorization process is as follows:
-
The client fetches the payload to be signed by the wallet:
// <host>/ton-proof/generatePayload // response { "payload": "E5B4ARS6CdOI2b5e1jz0jnS-x-a3DgfNXprrg_3pec0=" }
-
The client connects to the wallet via TonConnect 2.0 and passes the
ton_proof
request with the specified payload. Refer to the frontend SDK for more details. -
The user approves the connection, and the client receives the signed payload with additional prefixes.
-
The client sends the signed result to the backend. The backend checks the correctness of all prefixes and the signature and returns the auth token:
// <host>/ton-proof/checkProof // request { "address": "0:f63660ff947e5fe6ed4a8f729f1b24ef859497d0483aaa9d9ae48414297c4e1b", // user's address "network": "-239", // "-239" for mainnet and "-1" for testnet "proof": { "timestamp": 1668094767, // unix epoch seconds "domain": { "lengthBytes": 21, "value": "ton-connect.github.io" }, "signature": "28tWSg8RDB3P/iIYupySINq1o3F5xLodndzNFHOtdi16Z+MuII8LAPnHLT3E6WTB27//qY4psU5Rf5/aJaIIAA==", "payload": "E5B4ARS6CdOI2b5e1jz0jnS-x-a3DgfNXprrg_3pec0=", // payload from step 1 "state_init": "..." } } // response { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiMDpmNjM2NjBmZjk0N2U1ZmU2ZWQ0YThmNzI5ZjFiMjRlZjg1OTQ5N2QwNDgzYWFhOWQ5YWU0ODQxNDI5N2M0ZTFiIiwiZXhwIjoxNjY4MDk4NDkwfQ.13sg3Mgt2hT9_vChan3bmQkp_Wsigj9YjSoKABTsVGA" }
-
The client can access auth-required endpoints:
// <host>/dapp/getAccountInfo?network=-239 // Bearer <token> // response { "address": "0:f63660ff947e5fe6ed4a8f729f1b24ef859497d0483aaa9d9ae48414297c4e1b" }
See more details in the Signing and Verification.