I’ve got WalletConnect working in the browser, super easy setup. I use this for “insecure” stuff like getting a user’s wallet ID and their current asset holdings.
However, I’d like to perform “secure” actions on the server—initiating a transaction of assets from the user to my service, for example Is there a way to use the same WalletConnect library on the server, but tell it to connect with the existing session on the client? I see there’s a ton of data in LocalStorage once connected…I’m imagining a way to initialize a new instance of WalletConnect, but with an existing clientId or something?
I could refactor to just perform all transactions on the client, but it feels “wrong.” Maybe that’s just my old client/server brain talking. I guess if all the signing in happening in people’s wallets there’s really no reason I can’t initiate the transaction in the browser…
To start, I assume by client you mean a website frontend, and by server you mean the backend for the website. (It can get a little confusing, since there is also a WalletConnect client which talks to the wallet.)
The WalletConnect client acts as a gateway to communicating to the user’s wallet. And this gateway tends to work best when placed in a frontend that the user is also interacting with, since they’ll be able to see both sides of the interaction – the website frontend and their wallet.
I’m sure you could figure out a way to establish a WalletConnect session in the browser, then transfer that session to a backend server somehow, though it would be more involved than just copying the clientId, since the WalletConnect client and wallet establish a secret key used to encrypt messages. You would need to extract at least this secret key information (probably from local storage, but I don’t know exactly where it resides), shuttle it to your backend, and somehow use it to bootstrap another WalletConnect client.
While the above is theoretically possible, I don’t see how it increases security. The same information is still going over the WalletConnect bridge server and being analyzed by the wallet. And this information only consists of a list of unsigned transactions, which will be public as soon as you submit them to the chain anyway. Though perhaps you are using some private/secure information to determine the list of transactions that should be signed? In that case you could always compute the unsigned transactions on your backend, then send them to the frontend and have the frontend send them to WalletConnect.
You’d need to share more about the threat model you are trying to protect against for me to evaluate whether or not there’s a meaningful security benefit to offloading the WalletConnect interactions to a backend server.
After thinking about it I reached the same conclusion: there’s no security benefit to initiating those transactions from the server. It was just my old client/server brain being overly cautious! I already refactored to do everything in the browser and it’s working just fine. Thanks the the thorough response!
Hey, @Cannikin WalletConnect has stopped working for my website frontend.
I scan the QR from mobile app but nothing happens, no error logs. Just the mobile app says that your dapp isn’t responding.
I tried connecting my app to this demo link by algorand https://algorand.github.io/walletconnect-example-dapp/
But same error.
Can you tell, if its working for you?
Thanks!
I can connect my wallet on that site, yes, but whenever I click any of buttons that are available, they all fail. In my wallet I see a real quick popup asking me to confirm but then it goes away on its own before I can even read it. It’s always done that since I found that app last week, so that’s not new for me.
When I was developing my app I did get that message one time about my app not responding, but it’s been fine ever since. Did you try going into the Algorand Wallet’s settings, to the WalletConnect Sessions page and removing any existing sessions? I’ve used that a few times when it seems like my app gets confused as to whether it’s connected or not.
Thanks for your reply!
Yes I’ve tried that multiple times but it seems to work randomly. Without any errors logged it just displays a message of dapp not responding and after sometimes starts working perfectly fine.