I have a question regarding the Account Proof flow. It is described here: Proving Ownership of a Flow Account - Flow Documentation
It seems like the verification steps are as follows:
- Taking the CompositeSignature from the account-proof data structure
- Composing a Message with FCL and WalletUtils.encodeMessageForProvableAuthnVerifying
- Running the Cadence script or using fcl.verifyUserSignature to compare(verify) the Message with the AccountProof.signatures
A/ It seems that both AccountProof data and the Message are being sent from the frontend. Wouldn’t it be better if the backend composes the Message to verify against the AccountProof data received from the frontend?
B/ Do you have an example of the Cadence script for verifying user signatures?
Fyi. we are using the GO-SDK on the backend and React on frontend.