Problem
The auth/verify endpoint only accepts raw Ed25519
signatures. The Freighter browser extension signs using
SEP-0043, which adds a prefix to the message before
signing. So browser-based apps can't authenticate with
StepFi without the mobile app.
Context
SEP-0043 is the Stellar standard for browser wallet
signing. Supporting it makes StepFi-Web work for
Freighter and Rabet users.
Before Starting
Read these context files:
- context/architecture-context.md
- context/code-standards.md
- src/modules/auth/auth.service.ts
- src/modules/auth/dto/verify-request.dto.ts
What To Build
Update auth.service.ts verify() method to:
- Try raw Ed25519 verification first (mobile)
- If that fails, try SEP-0043 verification (browser)
- Return JWT if either succeeds
Add signatureType field to VerifyRequestDto:
signatureType: 'raw' | 'sep0043' (optional, defaults to raw)
SEP-0043 prefix: the message signed is:
'Stellar Signing Key: ' + nonce
Files To Touch
- src/modules/auth/auth.service.ts
- src/modules/auth/dto/verify-request.dto.ts
Acceptance Criteria
Mandatory Checks Before PR
Problem
The auth/verify endpoint only accepts raw Ed25519
signatures. The Freighter browser extension signs using
SEP-0043, which adds a prefix to the message before
signing. So browser-based apps can't authenticate with
StepFi without the mobile app.
Context
SEP-0043 is the Stellar standard for browser wallet
signing. Supporting it makes StepFi-Web work for
Freighter and Rabet users.
Before Starting
Read these context files:
What To Build
Update auth.service.ts verify() method to:
Add signatureType field to VerifyRequestDto:
signatureType: 'raw' | 'sep0043' (optional, defaults to raw)
SEP-0043 prefix: the message signed is:
'Stellar Signing Key: ' + nonce
Files To Touch
Acceptance Criteria
Mandatory Checks Before PR