Nyx Documentations
Server

Authentication

Wallet-based Identity and Ed25519 Signatures

Authentication

Nyx discards the legacy email/password authentication model. Instead, it relies on cryptographic proof of ownership using Web3 wallets (e.g., Phantom, Solflare).

The Nonce Challenge Flow

To securely authenticate a user, the Server challenges the client to sign a completely random, single-use string (a "nonce") using their wallet's private key.

POST /auth/nonce (walletAddress) Store Nonce against Wallet Return Nonce String signMessage(Nonce) Return Ed25519 Signature POST /auth/verify (Signature, Wallet) Cryptographically Verify Signature using public wallet address Upsert User Profile & Generate Session ID Return JWT Access Token Client Wallet Extension Nyx Server Postgres

Security Guarantees

  1. No Passwords: There is no password database to be breached.
  2. Replay Attack Prevention: The generated nonce is strictly single-use and has a very short expiration time (e.g., 5 minutes). Even if a malicious actor intercepts the signature, they cannot reuse it to log in later.
  3. Stateless Tokens: After verification, the Server issues a standard stateless JWT containing the userId and sessionId, which is then used to authenticate all subsequent HTTP and WebSocket requests.

On this page