Using cardano-wallet for ingame sign in

have built an in game User interface around Cardano-wallet. now im looking for a way to let the player sign in using his wallet .

how can i approach it using cardano-wallet? is there a way to let the player sign some data using his private key , then on the server side i decode it using his public key ?

( one of the solutions i tried is to let the player send 1 ADA from his wallet to a server provided address , and i monitor the transaction to verify … but bad approach obviously …)

thank you for your attention.

One way would be to let people connect their wallet via the dApp connector specified in CIP 30 and then use signData:
https://github.com/cardano-foundation/CIPs/tree/master/CIP-0030#apisigndataaddr-address-payload-bytes-promisedatasignature

Restricts your users to environments and wallet apps that provide that. (Getting the dApp API to work on mobile is tricky or impossible, non-browser wallet apps are out immediately.)

BTW: Rolling your own wallet application doesn’t seem like the best idea. People won’t easily trust a server-based wallet app in some game … and they are right.

i am using unreal engine ( c++ ) , so i have no fancy browsers apis / wallet or anything …
now regarding your last point , the client is interacting with Daedalus / cardano-wallet locally , its not a server-based wallet

Okay, that’s better. Users still have to trust your application, but if they do not fully they can probably just use an extra wallet just for that game.

But having Daedalus (or at least cardano-node and cardano-wallet) running locally is a pretty hefty dependency. You could consider implementing more of a minimal wallet app using libraries like cardano-serialization-lib or Lucid and APIs like Blockfrost, Koios, Dandelion, … to interact with the chain.

To your main question: https://github.com/cardano-foundation/CIPs/blob/master/CIP-0008/ defines a method for message signing that you could use. It its readily implemented, for example, in Lucid: https://github.com/spacebudz/lucid/blob/main/src/examples/sign_message.ts, which uses https://github.com/Emurgo/message-signing for it.

Also: There was an Unreal-Cardano integration funded in the latest Catalyst round: https://cardano.ideascale.com/c/idea/420794

Don’t know if you have the time to wait for that. But you could at least try to get some tips in their Discord maybe?

You can make HTTP requests: HTTP | Unreal Engine Documentation

I am also using a C++ game engine and then generating web assembly builds for cross-platform accessibility. The game client can make requests to back-end restful controllers which does any other Cardano things I need through blockfrost API or directly on nodes etc.

You can also use basic JavaScript calls to integrate with browser wallets like Nami (and other CIP 30 wallets) via wrappers, plugins, etc. e.g. Unreal.js in Code Plugins - UE Marketplace

You should never need private keys to be submitted/transmitted and frankly users would not trust your app if you tried that, nor should they.

Example from my game: Minting a playable character flows like this more or less …

  • Client: State machine handles the signals to determine if they need to connect wallet, have a wallet, etc. This enables and disables buttons and interfaces in the GUI and displays tool tip hints and highlighting as needed to direct users.
  • User: In the “connected wallet” state with a browser based CIP 30 wallet selected/identified they can now Click/Tap/Touch the “hatch” button if they have found an egg in game. That makes a JS call out via wallet account/asset API (is ADA >= 5?) and if true we then make a HTTPS request to my back end.
  • Server: Restful API controller parses and validates the request, calls a service to PRNG roll a character sheet, token meta data, minting transaction, calc fees, etc, etc. Persists the open minting Tx to a SQL database then returns the response to be signed by user wallet.
  • Client: If status OK (200) then we submit this Tx via JS to their wallet to be signed. The wallet does it’s thing and they verify everything looks legit, type in their spend password or whatever, and approve or reject the Tx. If they sign it we take the CBOR hex and fire it off to the back end on a different HTTPS route.
  • Server: Validates the signed Tx, looks up the matching Tx in database, verifies CRC checks, witness, etc. If everything checks out and looks good the policy holding key signs it (multi-sig) and then submits to to Cardano node to actually mint token and fold it into the ledger. Response tells client to continue or handle error accordingly.
  • Client: If status OK (200) then the response has the pool.pm link to view the new token. Of course they can also just look at their wallet or continue on with the game as the next time they go to the “gym” screen I’ll check their wallet with JS call out for dino tokens and load them up to be selected.
  • User: Selects their new token and goes off to battle with it or whatever they want to do next.

The potential downside of this transparency is a clever user can see what type, stats, etc they are getting before signing but if the user really wants to sit there “rolling Tx” until they get what they want that is fine unless they get carried away and trigger the flood gate or subsequent bans on back end by trying to automate minting with code or something … not sure why anyone would do that.

P.S. the most important part of this is next time when they connect a wallet that already has a dino token we don’t need to do any of this nonsense. Find the token in the wallet via JS can be done entirely on the front end and once a character is selected the state machine can move along and things like battles become available … having a token in a wallet without any ADA is good enough to “sign in” at this point.

1 Like

I don’t really know Unreal. Can you describe how the connection to the browser is made. Having JS available in Unreal is one thing, but the CIP-30 API lives inside one browser and I don’t even know if it is Chrome, Edge, Brave, … How is the IPC to that browser done?

thank you for your answers ,
i guess the JS route using this : Unreal.js in Code Plugins - UE Marketplace
can help … so i redirect things to his browser wallet … but yeah i wanted something that just utilizes cardano-wallet & player wont need to look to his browser wallets or anything
i know it might look heavy ? but with mithril node incoming , sync up time wont be an issue … player can just download & install Daedalus , open the game and everything works no need to setup or go back and fourth to a browser… my current issue is i want to verify the wallet without sending & waiting for a transaction

only the Unreal Blockfrost integration was funded here , wallets integration is the interesting part… the rest is straightforward.

There is no Tx to query read-only data. You can use the wallet assets API to see what is there and most of the wallets simply relay this requests to the blockchain kind of like how you can look things up on a blockchain explorer without any Tx or fees.

eg imagine you have a game in a PS5 right ? how you wanna use a browser there? , anyway im just trying to push cardano integration in game as much as i can & see where the limits are.
ideally i guess games wont integrate wallets at all … everything will be centralized and they would offer you a possibility to transfer your ingame assets to ur wallet of choice… and vice versa

Mithril will be lighter, but it will still be a full node. My main wallet app is a browser wallet and I’d guess for most people into NFTs and stuff it will be the same, since they want to connect to marketplaces, browser-based metaverse thingies, … So, the expected way is dApp connection, I’d think.

As said: Use the message signing.

there is no message signing endpoint with cardano-wallet ( you can sign transactions , and there is some experimental “signMetadata” method with no clear documentation)

I actually have not done any Cardano things with Unreal as I only use that game engine at my “day job” for 3D simulation stuff. In my case the Godot engine provides an OS object to query user device settings allowing me to determine if they are on mobile, what browser they are using, etc. I use this context wrapper to talk to the browser: JavaScriptObject — Godot Engine (stable) documentation in English

e.g. if the user selected “Nami” from the wallet screen I handle the event by looking for that context and register JS callbacks and things accordingly. If I find it the “connected” wallet can now use GDScript signals (Python) and emit events to the rest of the game client and vice versa using the specifics of that implementation: GitHub - berry-pool/nami: Nami Wallet is a browser based wallet extension to interact with the Cardano blockchain.

1 Like

NOPE!

I don’t have the $$$$$ or excruciating patience it would take to even imagine building that infrastructure. I am targeting HTML5 deploys only so that people on laptops, tablets, and mobile can use their existing browsers. If you want to play on Xbox or something you’ll have to figure out how to get your Cardano wallet extension into the Edge browser app on your own :smiley:

indeed , i am targeting Blockchain based open world games ( MMOs , World Building , Survival etc…) …
true metaverse experiences…im just experimenting here . no production stuff yet … but i guess what i need is more like a feature missing from cardano-wallet server API or i am not understanding it very well :stuck_out_tongue: .

1 Like

It indeed looks like cardano-wallet is missing that. It’s not the best API, anyway. Even if you don’t want to do a dApp connection, it might be worthwhile to use Unreal-JS and then Lucid with a connection to Blockfrost or Koios. Saves you the whole Daedalus thing.

3 Likes

yeah… thanks for ur inputs .
i think cardano-wallets is very good api , just this bit missing thats it :stuck_out_tongue: . you can build anything on top of it regardless of the language / platform .

apparently its doable … i looked into cardano-wallet-js build on top of cardano-wallet & it does have messageSigning function …
i ll recreate same process by following its source code.

2 Likes