Wallet-Native Authentication Protocol documentation draft
This post is overdue. The Catalyst Fund 11 project "Crypto wallets for signup, login, and 2FA" got approved starting the second quarter of 2024, and Milestone 1 — the technical specification — should have landed long before now. Life intervened and the work sat unfinished. I would rather deliver it late and right than on time and shallow, so here it is.

What the document covers

Most current Cardano login implementations sign a bare random nonce. It works, but it is opaque to the user, carries no information about which site requested it, and leaves a thin audit trail on the server. I set out to specify something better: a structured, human-readable payload that binds the signature to a domain, a server-committed action, and a timestamp — built on top of what CIP-8, CIP-30, and the stalled CIP-93 proposal already got right.
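
As an added illustration (not code from the specification or the project), here is a server-side check of the domain, action and timestamp binding described above. The field names, the HMAC commitment and the 300-second window are assumptions, and the CIP-8 wallet signature over the payload is assumed to have been verified before this check runs.

```python
import hashlib
import hmac
import json
import secrets

# Assumptions for this example only: field names, HMAC-SHA256 as the
# server's commitment, and a 300 s freshness window.
MAX_AGE_SECONDS = 300
FIELDS = ("domain", "action", "issued_at", "nonce")


def _canonical(fields: dict) -> bytes:
    # Stable byte encoding so issuer and checker MAC identical input.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_challenge(server_key: bytes, domain: str, action: str, now: int) -> dict:
    """Build the human-readable payload the wallet displays and signs."""
    fields = {"domain": domain, "action": action,
              "issued_at": now, "nonce": secrets.token_hex(16)}
    tag = hmac.new(server_key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "commitment": tag}


def check_signed_payload(server_key, payload, expected_domain, expected_action, now):
    """Return (ok, reason) for a payload whose wallet signature already verified."""
    try:
        fields = {k: payload[k] for k in FIELDS}
        tag = payload["commitment"]
    except (KeyError, TypeError):
        return False, "malformed"
    if not isinstance(tag, str):
        return False, "malformed"
    expected = hmac.new(server_key, _canonical(fields), hashlib.sha256).hexdigest()
    # Constant-time compare; any edit to domain, action or time breaks the tag.
    if not hmac.compare_digest(tag.encode("utf-8", "replace"), expected.encode()):
        return False, "not issued by this server"
    if fields["domain"] != expected_domain:
        return False, "wrong domain"
    if fields["action"] != expected_action:
        return False, "wrong action"
    age = now - fields["issued_at"]
    if age < 0 or age > MAX_AGE_SECONDS:
        return False, "stale or future timestamp"
    return True, "ok"
```

A production server would also record each nonce as used, so that a valid payload cannot be replayed inside the freshness window.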