OpenId3 Docs

DAuth Verification

The ETH address for the verification key in testnet is:

Verification Sample Code

1. Proof Verification

DAuth/core provide a "verifyProof" method to verify proof. The term "proof" in this context refers to a piece of evidence or verification that includes both the signed data and the metadata associated with the signature.
import {verifyProof} from "@dauth/core";
const result = await authOtpConfirm({ // same as the authOauth() function
request_id: 'The id related to the TX or userOp',
mode: 'proof',
id_type: "mailto"
const isValid = verifyProof(result.data)
The following is the source code for verifyProof, you can implement it in your preferred language.
import { utils } from "ethers";
export const verifyProof = (
proof: IOtpConfirmReturn,
dauthSignerAddress = "0xf3b4e49Fd77A959B704f6a045eeA92bd55b3b571"
) => {
const {auth, signature} = proof
// String to hexlike
const sig = "0x" + signature
const {acc_and_type_hash, request_id} = auth
// request_id can be two types: string or hex
// The request_id can have two types of values: a simple string or a hexadecimal string.
// If the length of the request_id is 64 characters, it is treated as a hexadecimal string.
// Otherwise, if the length is different from 64, it is treated as a regular string.
const request_id_hash = request_id.length === 64
? utils.arrayify("0x" + request_id) : utils.keccak256(utils.toUtf8Bytes(request_id))
// Concat data
const msg = utils.defaultAbiCoder.encode(
["bytes32", "bytes32"],
["0x"+ acc_and_type_hash, request_id_hash])
// Hash and turn to bytes
const msgHash = utils.arrayify(utils.keccak256(msg))
// Computes the EIP-191 personal message digest of message.
// Personal messages are converted to UTF-8 bytes and prefixed with \x19Ethereum Signed Message: and the length of message.
const msgHashWithPrefix = utils.hashMessage(msgHash)
const recoveredAddress = utils.recoverAddress(msgHashWithPrefix, sig);
return recoveredAddress.toLowerCase() === dauthSignerAddress.toLocaleLowerCase()

2. JWT Verification

  • jwt document
    • when using dauth with sign_mode jwt, after user authentication, a JWT token is returned.
    • Inside JWT token's payload, there are multiple fields including:
    "alg": "RS256",
    "sub": "5ab801895f32e926912710e276f728bab070b90790b6bcd17eeb7382a4955cb5",
    "idtype": "mailto",
    "iss": "dauth.network",
    "aud": "demo",
    "iat": 1690272920,
    "exp": 1690276520
    • fields inside payloads:
      • alg: algorithm using for signing JWT, which is RS256.
      • sub: subject or user that passes authentication, it is a kecc256 hash of user account
      • idtype: account type
      • iss: issuer
      • aud: audience
      • iat: JWT issued time
      • exp: JWT expired time, usually it is 1 hour(3600 seconds) after iat
    • To use JWT token in your own code: