Best way to prove ASA ownership for DApp


What is the best way for an Algorand wallet owner to prove to a DApp that she owns a particular ASA?

The application can obviously look at any given wallet and check if it has a particular ASA if the assetID is known (see Algorand Developer Docs)

But a user could theoretically supply any wallet address that is holding the ASA.

How can the user prove to the application they own the wallet that holds the correct asset?

Thank you!

It depends of what you call a DApp.

If it’s a regular off-chain application, just have the user signs a specific 0-Algo transaction with some note field that you randomly generated for that user. That proves ownership of the wallet and can easily be checked using an algod/indexer call.

If it’s an actual ASC1 application Algorand Developer Docs
Just make an application call.
The application call is signed by the sender, that is the user.
The application can check the asset holdings of the sender using Algorand Developer Docs

1 Like