[BUG] Unclear error message in wallet-based authentication

[NabinKawan]

I've added support for wallet-based authentication for PDF in cardano-test-wallet. The authentication flow failed with the following error message:

  {
    "data": null,
    "error": {
        "status": 400,
        "name": "ApplicationError",
        "message": "Login failed",
        "details": {}
    }
} 

The error is unclear, making it hard to figure out the actual reason for failing.

Payload to sign:

Please sign this message to verify your identity at 19 June 2024 15:18:29

Format of signature used:

type DataSignature = {|
  signature: cbor<COSE_Sign1>,
  key: cbor<COSE_Key>,
|};

For detailed information on the signing specification, refer to CIP-0008 signing spec.

Steps to reproduce:

curl 'https://dev.api.pdf.gov.tools/api/auth/local' \
  -H 'authority: dev.api.pdf.gov.tools' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'accept-language: en-US' \
  -H 'content-type: application/json' \
  -H 'origin: http://localhost:5173' \
  -H 'referer: http://localhost:5173/' \
  --data-raw '{"identifier":"0025b3adff96c6b2ecfb395593f8c9320ff34b743a5f5f0a467721feefb5d13f4b038f95b941829c8e42bfa6cf6191358e38fe56305e4266a0","signedData":{"key":"a4010103272006215820105e4327ed8c9f7418b876290172b9d52b9a5fcced6a1d3f589d4f1184eb966d","signature":"845846a20127676164647265737358390025b3adff96c6b2ecfb395593f8c9320ff34b743a5f5f0a467721feefb5d13f4b038f95b941829c8e42bfa6cf6191358e38fe56305e4266a0a166686173686564f45849506c65617365207369676e2074686973206d65737361676520746f2076657269667920796f7572206964656e74697479206174203139204a756e6520323032342031353a31383a32395840094d0326574ac0c019823b4017a19d41b7f493b410609c5e83ba1e1d93cc596679aedcd2009e1c1e9d930f926d4095a8fc834def97ede3ce19bbff5669732601"}}'
  

[teske00]

@NabinKawan This is an example of the implementation of the login function, where for the payload we send an identifier that is a change address and a signData object. Have you tried this?

[NabinKawan]

@teske00 The error is generated from the backend side. On the frontend, I am using cardano-test-wallet, which is a wallet we have implemented for our tests. The curl request mentioned in the ticket is request made by frontend using the login function you specified.

My question is, the error message is unclear. I have already implemented the signData logic in cardano-test-wallet. Could you please help clarify what is causing this failure?

[teske00]

We have updated the backend, try again and let us know what response you get

[NabinKawan]

{"data":null,"error":{"status":400,"name":"ApplicationError","message":"Verification failed","details":{}}}

It is still unclear, Login failed has been changed to Verification failed. Could you provide the error log on signature above?

[teske00]

In fact, the response returns what the problem is, and the problem is that the signDate verification did not pass

[bosko-m]

@NabinKawan Is this enough, can we close the issue?

[NabinKawan]

Yes, it has been fixed and version of cardano-test-wallet has been updated. #1455