If the evil wallet give us an invalid origin and signature, the did-auth lib should be able to identify that'