Server-side TON Connect 2.0 proof verification for ICP-compatible services
Project description
ton-devtools-auth-sdk
Server-side TON Connect 2.0 proof verification for ICP-compatible services.
Part of the ton-devtools monorepo.
What it does
Implements the server-side authentication pipeline:
- §5.2 — TON proof message construction and ed25519 verification
- §5.3 — On-chain public key resolution via Toncenter API v2 (or TRMS)
- §5.6 — Single-use nonce management with TTL (replay attack prevention)
- §10.2 — Timestamp skew enforcement (±300 s)
Installation
pip install ton-devtools-auth-sdk
Quick Start
from ton_devtools_auth import ICPAuthenticator
auth = ICPAuthenticator(
rpc_base_url="https://toncenter.com/api/v2",
rpc_api_key="YOUR_KEY",
domain="id.yourapp.com",
)
# POST /auth/ton/connect
nonce = auth.issue_nonce() # store and return to client
# POST /auth/ton/verify
result = await auth.verify(
wallet_address=body.wallet_address,
nonce=body.nonce,
signature=body.signature,
public_key=body.public_key,
timestamp=body.timestamp,
domain=body.domain,
)
# result.wallet_address, result.public_key, result.on_chain_verified
Nonce storage backends
from ton_devtools_auth.nonce import NonceManager, InMemoryNonceStore
# Testing / single-replica
auth = ICPAuthenticator(nonce_store=InMemoryNonceStore())
# Production: bring your own Redis client
class RedisNonceStore:
def __init__(self, redis): self._r = redis
def set(self, key, value, ttl): self._r.set(key, value, ex=ttl)
def get(self, key): return self._r.get(key)
def delete(self, key): return bool(self._r.delete(key))
auth = ICPAuthenticator(nonce_store=RedisNonceStore(redis_client))
Pointing at TRMS for testing
auth = ICPAuthenticator(
rpc_base_url="http://localhost:8080", # ton-devtools-rpc-mock
domain="localhost",
)
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ton_devtools_auth_sdk-0.1.0.tar.gz.
File metadata
- Download URL: ton_devtools_auth_sdk-0.1.0.tar.gz
- Upload date:
- Size: 11.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ea972915b619d257310a30dc377110526db020c26898370b01195a12bf956100
|
|
| MD5 |
6f387b2264a93ca4f4e3ad0f4bcd4a17
|
|
| BLAKE2b-256 |
c9b644e6a6f28f0c8e6d7344269d042d5799c3ed61a81966117916f0310385e4
|
File details
Details for the file ton_devtools_auth_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: ton_devtools_auth_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
78b8d00eb15a5ae655b5047c17b6b5da97549c1798537bd50ae0e7a256347f2f
|
|
| MD5 |
fab95744788e8041b5189b293fe3efbb
|
|
| BLAKE2b-256 |
d7ffc6ce5b792adab17f74f0b60b7d56426d3194a24af2fec9d3eae057fea9a5
|
