Verify Message

Verify Signature

After signing a challenge, you will get some signed data includes credential info, challenge, message and signature. You can verify the signature by using the credential info and the message.


To learn more about the signChallenge function, please check the API Reference.


challenge vs. message

challenge is what you as a developer want JoyID to sign. message is what JoyID actually signs, which is a combination of challenge and some other data (such as authenticator data, etc.), and challenge will be always included in message. For more information, you can check out the WebAuthn Spec (opens in a new tab).

The process of verifying a signature has 2 steps:

  1. Verify the message that contains the challenge that you requested to sign.
  2. Verify the signature that is signed by the credential.
import { verifySignature, signChallenge } from '@joyid/ckb'
const data = await signChallenge(quest)
const result = await verifySignature(data)
alert(result) // true or false

Try it out