Signed publication metadata
Lens Protocol now supports signing publication metadata to authenticate the origin of content. Applications can sign their publication metadata using a registered wallet to verify that content was published through their app.
Purpose
By signing publication metadata, apps can:
Verify Authenticity: Prove that the content was published on their platform.
Improve Security: Prevent unauthorized apps from masquerading as legitimate applications.
Prerequisites
As an app developer, once you implement signed metadata on your app, you can contact the Lens API team via Discord or Telegram to register your app's wallet address and map it to your app id. Once the address is successfully registered, it will be impossible for anyone to publish unsigned metadata using that app id.
Workflow
-
Prepare the Publication Metadata Object: Create the metadata object as usual.
import { textOnly } from '@lens-protocol/metadata'; const metadata = textOnly({ content: "something cool" });
{ "$schema": "https://json-schemas.lens.dev/publications/text-only/3.0.0.json", "lens": { "id": "017ba8d7-822f-42b9-bd8b-d1e9db25fc6c", // make sure this is randomly generated and unique "appId": "your-app-id", "locale": "en-US", "mainContentFocus": "TEXT_ONLY", "content": "something cool" } }
If you are building Publication Metadata JSON manually make sure to use a unique metadata id; a randomly-generated UUID is a safe approach for most use cases.
-
Sign the Metadata Object: Sign the metadata object you just created using the registered wallet's private key and the
signMetadata
helper (since@lens-protocol/[email protected]
).import { signMetadata, textOnly } from '@lens-protocol/metadata'; const signed = await signMetadata(metadata, (message) => signer.signMessage(message));
-
Use Signed Metadata Object: Upload the signed Metadata object as you would normally do and create the publication from its public URI.
Recap
import { Wallet } from 'ethers';
import { signMetadata, textOnly } from '@lens-protocol/metadata';
const signer = new Wallet(PRIVATE_KEY, jsonRpcProvider); // keep your private key safe
const metadata = textOnly({
content: "something cool"
});
const signed = await signMetadata(metadata, (message) => signer.signMessage(message));
// then publish on Lens as you usually would using the `signed` metadata object
Additional resources
Signing data using ethers: https://docs.ethers.org/v5/api/signer/#Signer-signMessage
Updated 11 days ago