Implement JWT Authentication for Wallet Signatures

[meshackyaro]

Description

This issue aims to address the implementation of Implement JWT Authentication for Wallet Signatures.

The core objective is to: Users should authenticate by signing a nonce with their Freighter wallet.

By completing this feature, we will ensure that the TrustFlow protocol maintains its high standards for security, usability, and decentralized logic. This issue requires careful attention to the Backend architecture and adherence to the existing project conventions.

When picking up this issue, please ensure you document any new dependencies or architectural decisions made during development.

Component

Backend

Difficulty

🔴 Hard

Tasks

• Review Node.js API architecture in backend/
• Implement logic for: Implement JWT Authentication for Wallet Signatures
• Write unit tests for the new endpoints using Supertest
• Update Swagger terminology / OpenAPI specs
• Verify PostgreSQL queries are optimized
• Run npm run lint

Acceptance Criteria

• Feature accurately implements the objective: Users should authenticate by signing a nonce with their Freighter wallet.
• Any PR that introduces TypeScript/Rust errors is automatically blocked
• CI pipeline runs in under 3 minutes per PR
• Code is properly reviewed and approved by codeowners

Estimated Time

1-3 days

[Josie123-Dev]

Hello Team,

I would like to work on the "Implement JWT Authentication for Wallet Signatures" issue.

Understanding of the Issue

The goal is to enable users to authenticate by signing a unique nonce with their Freighter wallet instead of using traditional username/password authentication. Once the signature is verified, the backend should generate and return a JWT token that can be used for authenticated requests across the TrustFlow protocol.

This approach improves security by leveraging wallet ownership verification while maintaining a seamless user experience aligned with decentralized application standards.

Proposed Implementation

I plan to implement the feature using the following flow:

1. Generate a cryptographically secure nonce on the backend.

2. Send the nonce to the client for signing via the Freighter wallet.

3. Receive the signed message and wallet public key.

4. Verify the signature against the provided public key.

5. Upon successful verification:

   • Create a JWT token containing the wallet address and relevant claims.
   • Return the token to the client.

6. Implement middleware to validate JWT tokens for protected routes.

7. Add appropriate expiration and refresh strategies if required by the existing architecture.

Technical Considerations

• Secure nonce generation and storage to prevent replay attacks.
• Proper JWT signing and validation.
• Signature verification using Stellar/Freighter-compatible libraries.
• Clear separation of authentication logic within the backend architecture.
• Documentation of all new dependencies and architectural decisions.
• Comprehensive testing for successful authentication, invalid signatures, expired nonces, and JWT validation.

Relevant

• Backend API development
• JWT authentication and authorization
• Blockchain wallet authentication flows
• Stellar ecosystem and Freighter wallet integrations
• Security-focused application development

Deliverables

• Wallet signature authentication endpoint
• JWT issuance and validation middleware
• Replay attack protection using nonces
• Unit/integration tests
• Documentation covering implementation details, dependencies, and architectural decisions

I am excited to contribute this feature and ensure it aligns with the project's security, usability, and decentralized design principles.

Thank you for your consideration.

[meshackyaro]

Hello Team,

I would like to work on the "Implement JWT Authentication for Wallet Signatures" issue.

Understanding of the Issue

The goal is to enable users to authenticate by signing a unique nonce with their Freighter wallet instead of using traditional username/password authentication. Once the signature is verified, the backend should generate and return a JWT token that can be used for authenticated requests across the TrustFlow protocol.

This approach improves security by leveraging wallet ownership verification while maintaining a seamless user experience aligned with decentralized application standards.

Proposed Implementation

I plan to implement the feature using the following flow:

1. Generate a cryptographically secure nonce on the backend.

2. Send the nonce to the client for signing via the Freighter wallet.

3. Receive the signed message and wallet public key.

4. Verify the signature against the provided public key.

5. Upon successful verification:

   • Create a JWT token containing the wallet address and relevant claims.
   • Return the token to the client.

6. Implement middleware to validate JWT tokens for protected routes.

7. Add appropriate expiration and refresh strategies if required by the existing architecture.

Technical Considerations

• Secure nonce generation and storage to prevent replay attacks.
• Proper JWT signing and validation.
• Signature verification using Stellar/Freighter-compatible libraries.
• Clear separation of authentication logic within the backend architecture.
• Documentation of all new dependencies and architectural decisions.
• Comprehensive testing for successful authentication, invalid signatures, expired nonces, and JWT validation.

Relevant

• Backend API development
• JWT authentication and authorization
• Blockchain wallet authentication flows
• Stellar ecosystem and Freighter wallet integrations
• Security-focused application development

Deliverables

• Wallet signature authentication endpoint
• JWT issuance and validation middleware
• Replay attack protection using nonces
• Unit/integration tests
• Documentation covering implementation details, dependencies, and architectural decisions

I am excited to contribute this feature and ensure it aligns with the project's security, usability, and decentralized design principles.

Thank you for your consideration.

When assigned, ensure you add a clear documentation, all CI checks are passing and create a good PR

[grantfox-oss]

🦊 GrantFox — @Josie123-Dev has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #29)
2. Your PR will be reviewed by the trustflow-protocol maintainers

Good luck! Track your progress on GrantFox.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@Josie123-Dev's PR #160 was approved and merged by @meshackyaro.

🏆 @Josie123-Dev: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (83 total points). Track your full progress on GrantFox.

👏 Great work, @Josie123-Dev! Keep contributing to trustflow-protocol.