Connecting and Signing In
Connect to the wallet and authenticate the user.
Connecting to Glow
To interact with a wallet, you first need to connect to it so you know its address.
To do so, use the window.glow.connect function. Calling it for the first time from your site triggers a connection prompt to the user. Once approved by the user, the function will return with the address of their wallet.
Subsequent connection requests are approved automatically without additional prompts, unless the user revokes your site's access.
try {
  const resp = await window.glow.connect();
  console.log(resp.address); // 636Lq2zGQDYZ3i6hahVcFWJkY6Jejndy5Qe4gBdukXDi
} catch (err) {
  // User rejected the connection request
}
The resp object also includes a publicKey field, which holds a GPublicKey object that can be used to convert the wallet address into a variety of other formats.
class GPublicKey {
  equals(publicKey: GPublicKey): boolean;
  toBase58(): string;
  toJSON(): string;
  toBytes(): Uint8Array;
  toBuffer(): Buffer;
  toString(): string;
}
Connecting Silently
Sometimes it's useful to attempt to connect on page load, so returning users don't need to manually connect. For this purpose, the glow.connect function offers an optional onlyIfTrusted parameter (defaulting to false). When set to true, Glow will attempt a silent connection. If the user has previously connected to your site, the above response is returned. Otherwise, the request will fail without a prompt, and you can instruct the user to manually connect later (without the onlyIfTrusted parameter).
try {
  const resp = await window.glow.connect({ onlyIfTrusted: true });
  console.log(resp.address); // 636Lq2zGQDYZ3i6hahVcFWJkY6Jejndy5Qe4gBdukXDi
} catch (err) {
  // User hasn't connected to your site before.
  // No prompt is shown. The request would silently fail.
}
Signing In
If the only purpose for you to connect to a wallet is to sign transactions, the glow.connect function above suffices. However, you may have a user system that gives users certain privileges once they "sign in."
It is convenient for users to be able to sign in with their wallets. However, it is important that you do it securely. Usually, sites ask users to sign a message to prove their identity. However, if the message is static or weak, it is possible for an attacker to obtain the signature from the victim beforehand and replay it to the site to gain access.
Glow makes signing in easy and secure with the window.glow.signIn function. When called, a dedicated sign in prompt is presented. Under the hood, a dynamic message is signed, which you can then use to verify the user's identity.
try {
  const {
    address, // The user's address
    message, // The raw message signed by Glow
    signatureBase64, // The signature
  } = await window.glow.signIn();
} catch (err) {
  // User rejected the sign in request
}
On the server, you can verify the signature with the @glow-xyz/glow-client package. To install:
npm install --save @glow-xyz/glow-client
Then, you can use it on the backend as follows:
import { verifySignIn } from "@glow-xyz/glow-client";

verifySignIn({
  message, // The raw message signed by the user
  expectedDomain, // Your domain
  expectedAddress, // The address of the user
  maxAllowedTimeDiffMs, // How "fresh" the signature needs to be
  signature, // The signature
});
The function above will parse the message (generated automatically by the Sign In prompt), verify that it is for your domain and the correct address, and check that it is fresh according to your requirements. With this, you can sign the user in securely and easily.
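The checks described above (domain, address, freshness, signature) can be seen working against a replayed signature in the following added example, which is not Glow's code or the glow-client implementation. The functions buildMessage, checkSignIn, makeWallet and demo, the JSON message layout and the base64url address encoding are all assumptions made for illustration; only the parameter names mirror verifySignIn.

```javascript
const crypto = require("node:crypto");

// Constructed message format (an assumption, not Glow's real format).
function buildMessage({ domain, address, now }) {
  const nonce = crypto.randomBytes(16).toString("hex"); // makes every message unique
  return JSON.stringify({ domain, address, nonce, issuedAt: now });
}

// Returns "ok" or the reason the sign-in is rejected.
function checkSignIn({ message, signatureBase64, expectedDomain, expectedAddress, maxAllowedTimeDiffMs, now }) {
  let fields;
  try { fields = JSON.parse(message); } catch { return "malformed message"; }
  if (!fields || typeof fields !== "object") return "malformed message";
  if (fields.domain !== expectedDomain) return "wrong domain";
  if (fields.address !== expectedAddress) return "wrong address";
  if (typeof fields.issuedAt !== "number") return "malformed message";
  if (Math.abs(now - fields.issuedAt) > maxAllowedTimeDiffMs) return "stale message";
  // Assumption: the address is the base64url-encoded Ed25519 public key.
  let key;
  try {
    key = crypto.createPublicKey({ key: { kty: "OKP", crv: "Ed25519", x: expectedAddress }, format: "jwk" });
  } catch { return "bad address"; }
  const sig = Buffer.from(signatureBase64, "base64");
  return crypto.verify(null, Buffer.from(message), key, sig) ? "ok" : "bad signature";
}

// Constructed stand-in for the wallet: a throwaway Ed25519 key pair.
function makeWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const address = publicKey.export({ format: "jwk" }).x;
  const sign = (msg) => crypto.sign(null, Buffer.from(msg), privateKey).toString("base64");
  return { address, sign };
}

function demo() {
  const t0 = 1_700_000_000_000; // constructed timestamp (ms)
  const wallet = makeWallet();
  const message = buildMessage({ domain: "app.example", address: wallet.address, now: t0 });
  const base = { message, signatureBase64: wallet.sign(message), expectedDomain: "app.example",
                 expectedAddress: wallet.address, maxAllowedTimeDiffMs: 60_000, now: t0 + 5_000 };
  const edited = message.replace("app.example", "app.exampl3"); // signed bytes changed
  return {
    fresh: checkSignIn(base),
    replayedLater: checkSignIn({ ...base, now: t0 + 3_600_000 }),
    otherSite: checkSignIn({ ...base, expectedDomain: "other.example" }),
    tampered: checkSignIn({ ...base, message: edited, expectedDomain: "app.exampl3" }),
  };
}
```

A captured signature still verifies until the freshness window closes, so keep maxAllowedTimeDiffMs as small as your sign-in flow allows.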
Updated about 2 years ago