Server
Authentication
Wallet-based Identity and Ed25519 Signatures
Authentication
Nyx discards the legacy email/password authentication model. Instead, it relies on cryptographic proof of ownership using Web3 wallets (e.g., Phantom, Solflare).
The Nonce Challenge Flow
To securely authenticate a user, the Server challenges the client to sign a completely random, single-use string (a "nonce") using their wallet's private key.
Security Guarantees
- No Passwords: There is no password database to be breached.
- Replay Attack Prevention: The generated nonce is strictly single-use and has a very short expiration time (e.g., 5 minutes). Even if a malicious actor intercepts the signature, they cannot reuse it to log in later.
- Stateless Tokens: After verification, the Server issues a standard stateless JWT containing the
userIdandsessionId, which is then used to authenticate all subsequent HTTP and WebSocket requests.