0xPass's Access Token Scheme
When a user connects their wallet and authenticates themselves, 0xPass provides an authentication token in the form of a JWT.
This provides verifiable proof of wallet ownership and should be used to secure communication between your frontend and backend.
Access tokens are JSON Web Tokens (JWTs) whose claims carry user and session information, including:
sid represents the user's current session ID.
sub corresponds to the user's 0xPass ID.
iss indicates the token issuer, which should always be 0xpass.io.
aud is your project API key.
iat is the timestamp for when the JWT was issued.
exp is the timestamp when the JWT will expire and become invalid, typically 1 hour after issuance.
You should use the 0xPass JWT to secure the communication between your frontend and backend. For each of these components, you should do the following:
Frontend - Fetch Token
Include the auth token when you send a request to your backend.
Backend - Verify Token
Verify the token when you receive a request from your frontend.
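One way to carry out the backend verification step against the claims listed above, as an added example that is not 0xPass's own code. It assumes RS256 signing and an issuer public key you already hold (the page states neither), and `verifyAccessToken`, `signSample` and `check` are hypothetical names; the key pair and claim values are constructed for the demonstration.

```javascript
// Added example: backend-side checks for a 0xPass-style access token.
// Assumptions: RS256 signing and an issuer public key obtained out of band.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

function verifyAccessToken(token, issuerPublicKey, projectApiKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed token');
  }
  // Pin the algorithm on the server; never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Verify the signature before trusting any claim.
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), issuerPublicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  if (claims.iss !== '0xpass.io') throw new Error('wrong issuer');
  // aud must be this project's API key, so tokens minted for other projects fail.
  if (claims.aud !== projectApiKey) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('token expired');
  // 60 seconds of clock skew tolerance is an arbitrary choice for this example.
  if (typeof claims.iat !== 'number' || claims.iat > now + 60) throw new Error('issued in the future');
  if (typeof claims.sub !== 'string' || typeof claims.sid !== 'string') throw new Error('missing sub or sid');
  return { userId: claims.sub, sessionId: claims.sid };
}

// Constructed fixtures: a throwaway key pair stands in for the issuer's key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims, alg = 'RS256') {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
const NOW = 1700000000; // constructed issue time
const sampleClaims = { sid: 'sess-1', sub: 'user-1', iss: '0xpass.io', aud: 'demo-api-key', iat: NOW, exp: NOW + 3600 };

// Returns the user ID on success or the rejection reason on failure.
function check(token, now = NOW + 10) {
  try { return verifyAccessToken(token, publicKey, 'demo-api-key', now).userId; }
  catch (e) { return e.message; }
}
console.log(check(signSample(sampleClaims)));
```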