Authentication

Authentication is required for all our mutation operations, as well as for selected query operations. In the rest of the docs, operations that require authentication will be noted.

Overview

We use JWTs for authentication on our server. The server first generates a random nonce, which you sign with your TON wallet to prove ownership of the address. Once your signed message is validated, an access token (and a refresh token) is issued.

Token Validity

Access tokens are valid for 30 minutes from issuance. After that, the token is expired and any authenticated operation you perform will return an HTTP 401 error; use the refresh token to obtain another access token. Refresh tokens are valid for 7 days, after which you have to perform this authentication process again. There is no limit on how many times a refresh token can be used within that period.

There are 3 authentication resolvers:

  1. generateNonce

  2. getToken

  3. refreshToken
generateNonce

This operation returns a nonce that must be signed with a TON wallet. Each generated nonce is valid for 5 minutes; a nonce not used within that time is invalidated and a new one must be generated.

Query

GraphQL Operation
query GenerateNonce {
  generateNonce {
    id
    nonce
    timestamp
  }
}

Response

Parameters:

  • id: Identifier for the generated nonce

  • nonce: Message to be signed

  • timestamp: Timestamp of nonce issuance

JSON Response
{
  "data": {
    "generateNonce": {
      "id": "091741c1-5c0c-4633-a540-ee109c62a96e",
      "nonce": "69af58a3-0c2c-49c8-a59d-34b5c74aa930",
      "timestamp": "2023-08-17T06:25:53.925Z"
    }
  }
}

getToken

This operation takes the signed message and the id from generateNonce and, if the signed message validates, returns the access and refresh tokens.

⛔️ Access and refresh tokens are NOT shareable. Tokens issued can only be used to execute mutations for Profiles owned by the address provided during the getToken operation. Use with any other Profile will return a 400 error.

Query

Request inputs:

  1. id: Identifier for the generated nonce

  2. address: TON wallet address

  3. signedMessage: Signed nonce

GraphQL Operation
query GetToken {
  getToken(request: {
    id: "091741c1-5c0c-4633-a540-ee109c62a96e",
    address: "insert-your-ton-wallet-address",
    signedMessage: "insert-the-signed-message"
  }) {
    accessToken
    refreshToken
  }
}

Response

Parameters:

  1. accessToken

  2. refreshToken

JSON Response
{
  "data": {
    "getToken": {
      "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFjNmZiODJlLTkxYWQtNGIxYS1iYzM0LTYzYzNlYTkxZTc5ZSIsImV4cCI6MTY5MjI1NjU1NiwiaWF0IjoxNjkyMjU0NzU2fQ.PDGQfBBn89NPiqy7UiyaZ1RceZ4Q1HyaOkP1C9dgKxY",
      "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFjNmZiODJlLTkxYWQtNGIxYS1iYzM0LTYzYzNlYTkxZTc5ZSIsImV4cCI6MTY5Mjg1OTU1NiwiaWF0IjoxNjkyMjU0NzU2fQ.WqiQPQaGo5rMkS2zj657IYzhzum-JFZZK9x6M1kG2lo"
    }
  }
}
refreshToken

This operation returns a new access token when provided a valid refresh token.

Query

Request inputs:

  1. token: refresh token

GraphQL Operation
query RefreshToken {
  refreshToken(request: {
    token: "{{REFRESH_TOKEN}}"
  }) {
    token
  }
}

Response

Parameters:

  1. token: Newly issued access token

JSON Response
{
  "data": {
    "refreshToken": {
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFjNmZiODJlLTkxYWQtNGIxYS1iYzM0LTYzYzNlYTkxZTc5ZSIsImV4cCI6MTY5MjI1NjU1NiwiaWF0IjoxNjkyMjU0NzU2fQ.PDGQfBBn89NPiqy7UiyaZ1RceZ4Q1HyaOkP1C9dgKxY"
    }
  }
}
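The following Python client ties the three resolvers above together with the lifetimes given under Token Validity. It is an added example written for these docs, not code shipped by the API's maintainers. It reads the exp/iat claims from the sample tokens on this page to decide when to call refreshToken (shortly before the 30-minute access expiry) and when to repeat the generateNonce/getToken flow (once the 7-day refresh token has lapsed). The transport callable (execute), the wallet signing callback (sign_nonce) and the refresh margin are assumptions; the GraphQL operation text mirrors the operations shown above, with values escaped through json.dumps rather than spliced in raw.

```python
import base64
import json
import time
from typing import Callable, Optional

# Tokens copied from this page's sample JSON responses. Their header is
# {"alg":"HS256","typ":"JWT"} and the payload carries "id", "exp" and "iat".
SAMPLE_ACCESS_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpZCI6IjFjNmZiODJlLTkxYWQtNGIxYS1iYzM0LTYzYzNlYTkxZTc5ZSIsImV4cCI6MTY5MjI1NjU1NiwiaWF0IjoxNjkyMjU0NzU2fQ."
    "PDGQfBBn89NPiqy7UiyaZ1RceZ4Q1HyaOkP1C9dgKxY"
)
SAMPLE_REFRESH_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpZCI6IjFjNmZiODJlLTkxYWQtNGIxYS1iYzM0LTYzYzNlYTkxZTc5ZSIsImV4cCI6MTY5Mjg1OTU1NiwiaWF0IjoxNjkyMjU0NzU2fQ."
    "WqiQPQaGo5rMkS2zj657IYzhzum-JFZZK9x6M1kG2lo"
)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Read a JWT payload WITHOUT verifying its signature.

    The tokens are HS256-signed, so only the server holds the verification
    key. A client reads exp/iat purely to schedule refreshes and must never
    treat these unverified claims as proof of anything.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    return json.loads(_b64url_decode(parts[1]))


def seconds_until_expiry(token: str, now: float) -> float:
    return jwt_claims(token)["exp"] - now


def token_lifetime(token: str) -> int:
    claims = jwt_claims(token)
    return claims["exp"] - claims["iat"]


def _gql_str(value: str) -> str:
    # json.dumps yields a double-quoted, escaped literal that is also a valid
    # GraphQL string literal; never splice raw values into the operation text.
    return json.dumps(value)


GENERATE_NONCE = "query GenerateNonce { generateNonce { id nonce timestamp } }"


def get_token_query(nonce_id: str, address: str, signed_message: str) -> str:
    return (
        "query GetToken { getToken(request: {"
        f"id: {_gql_str(nonce_id)}, address: {_gql_str(address)}, "
        f"signedMessage: {_gql_str(signed_message)}"
        "}) { accessToken refreshToken } }"
    )


def refresh_token_query(refresh_token: str) -> str:
    return ("query RefreshToken { refreshToken(request: {"
            f"token: {_gql_str(refresh_token)}"
            "}) { token } }")


class TokenManager:
    """Keeps a usable access token on hand, following the page's lifetimes:
    refresh before the 30-minute access expiry, and redo the nonce flow once
    the 7-day refresh token has expired."""

    def __init__(self, execute: Callable[[str, Optional[str]], dict],
                 sign_nonce: Callable[[str], str], address: str,
                 refresh_margin: int = 60):
        self.execute = execute            # assumed: execute(query, access_token) -> response dict
        self.sign_nonce = sign_nonce      # assumed: wallet callback returning the signed nonce
        self.address = address
        self.refresh_margin = refresh_margin
        self.access_token: Optional[str] = None
        self.refresh_token: Optional[str] = None

    def login(self) -> None:
        nonce = self.execute(GENERATE_NONCE, None)["data"]["generateNonce"]
        signed = self.sign_nonce(nonce["nonce"])
        query = get_token_query(nonce["id"], self.address, signed)
        tokens = self.execute(query, None)["data"]["getToken"]
        self.access_token = tokens["accessToken"]
        self.refresh_token = tokens["refreshToken"]

    def refresh(self) -> None:
        result = self.execute(refresh_token_query(self.refresh_token), None)
        self.access_token = result["data"]["refreshToken"]["token"]

    def get_access_token(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if self.refresh_token is None or seconds_until_expiry(self.refresh_token, now) <= 0:
            self.login()                  # refresh token gone or expired: full re-authentication
        elif seconds_until_expiry(self.access_token, now) <= self.refresh_margin:
            self.refresh()                # access token about to expire: use the refresh token
        return self.access_token
```

The refresh margin exists because a token that is still valid when checked can expire before the request reaches the server; refreshing a minute early avoids a spurious 401. Because the access and refresh tokens are bound to the address given to getToken, the manager holds exactly one address and its tokens should be stored as carefully as the wallet key that produced them.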

Error Responses

🚧 WIP
