Xlander

Reputation: 19

How to verify public address owner with crypto wallets

I am currently thinking about creating a dapp that connects to a Phantom wallet on Solana. A user account will be created upon connection (signup/login of a user). I'm not sure how to verify the public address. Wallets will pass information to the frontend and I would have to forward this information to the backend, thus it is manipulable and useless... How do I prevent people from sending fake addresses to the server and signing up to any account they want? I thought about signing a message but why is this not done on e.g. opensea.io(Eth/Metamask)?

Upvotes: 1

Views: 1204

Answers (2)

Maximillian Laumeister

Reputation: 20359

> How do I prevent people from sending fake addresses to the server and signing up to any account they want?

Make them sign a message.

> I thought about signing a message but why is this not done on e.g. opensea.io(Eth/Metamask)?

This is not done on OpenSea because OpenSea does not create or manage user accounts for its users. The app relies entirely on the PKI of the user's Web3 provider (such as MetaMask).

Ask yourself why you need to create a user account for your users on your backend. If you need to create such an account, then make the user sign a message. If you don't need to create a user account, then just let the user authenticate directly with the blockchain using their own PKI like OpenSea does.

Upvotes: 1
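
The sign-a-message check suggested in the answer above, as an added example that is not part of the original answer: the server issues a single-use challenge and verifies the wallet's Ed25519 signature against the claimed Solana address using Node's built-in crypto. The app name `example-dapp`, the in-memory `pending` store and the throwaway demo key pair are assumptions.

```javascript
const { createPublicKey, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex'); // DER header for a raw Ed25519 key
const TTL_MS = 5 * 60 * 1000;
const pending = new Map(); // address -> { message, expires }; in-memory store is an assumption
// A Solana address is the base58 encoding of the 32-byte Ed25519 public key.
function base58Decode(text) {
  let n = 0n;
  for (const ch of text) {
    const digit = ALPHABET.indexOf(ch);
    if (digit < 0) throw new Error('invalid base58 character');
    n = n * 58n + BigInt(digit);
  }
  const hex = n === 0n ? '' : n.toString(16);
  const body = Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
  return Buffer.concat([Buffer.alloc(text.match(/^1*/)[0].length), body]); // leading '1' = zero byte
}
function base58Encode(buf) {
  let out = '';
  for (let n = BigInt('0x' + buf.toString('hex')); n > 0n; n /= 58n) out = ALPHABET[Number(n % 58n)] + out;
  for (let i = 0; i < buf.length && buf[i] === 0; i++) out = '1' + out;
  return out;
}

// Step 1: the server chooses the message, so an old signature cannot be replayed.
function issueChallenge(address, now = Date.now()) {
  const message = `example-dapp sign-in\nAddress: ${address}\nNonce: ${randomBytes(16).toString('hex')}`;
  pending.set(address, { message, expires: now + TTL_MS });
  return message;
}
// Step 2: accept the claimed address only if its key signed our challenge.
function verifyLogin(address, signature, now = Date.now()) {
  const challenge = pending.get(address);
  pending.delete(address); // single use, even when verification fails
  if (!challenge || now > challenge.expires || signature.length !== 64) return false;
  try {
    const raw = base58Decode(address);
    if (raw.length !== 32) return false;
    const key = createPublicKey({ key: Buffer.concat([SPKI_PREFIX, raw]), format: 'der', type: 'spki' });
    return verify(null, Buffer.from(challenge.message), key, signature);
  } catch { return false; } // malformed address or key
}

// Constructed demo: a throwaway key pair stands in for the user's wallet.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const address = base58Encode(publicKey.export({ format: 'der', type: 'spki' }).subarray(12));
  return verifyLogin(address, sign(null, Buffer.from(issueChallenge(address)), privateKey));
}
```

In a deployment, key pending challenges by session rather than by address so one client cannot discard another's challenge, and create the backend session only after `verifyLogin` returns true.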

munanadi

Reputation: 1079

Why not create the keypair (public + private key) in the backend itself, since you're creating a new account on signup? Send a request to the backend, create an account, and return the public key to the user.

But instead of doing this, you can ask the user to create a new wallet and sign up using something like a Phantom wallet. Did that help?

Upvotes: 0
