Sign-In with Ethereum - Python Library Release
In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library.
In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library:
Sign-In with Ethereum can now be found and installed via pypi, and be installed in any Python project with pip
:
pip install siwe
The repository has been dual-licensed under Apache-2.0 and MIT, making it as flexible and simple as possible for developers to use in their projects.
We would love to give special thanks to Payton Garland, who helped tremendously in creating, collaborating on, and contributing to this library.
Usage
SIWE provides a SiweMessage
class which implements EIP-4361.
Parsing a SIWE Message
Parsing is done by initializing a SiweMessage
object with an EIP-4361 formatted string:
message: SiweMessage = SiweMessage(message=eip_4361_string)
Alternatively, initialization of a SiweMessage
object can be done with a dictionary containing expected attributes:
message: SiweMessage = SiweMessage(message={"domain": "login.xyz", "address": "0x1234...", ...})
Verifying and Authenticating a SIWE Message
Verification and authentication is performed via EIP-191, using the address
field of the SiweMessage
as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.
try: message.validate() except siwe.ValidationError: # Invalid
Serialization of a SIWE Message
SiweMessage
instances can also be serialized as their EIP-4361 string representations via the sign_message
method:
print(message.sign_message())
Example
Parsing and verifying a SiweMessage
is easy:
try:
message: SiweMessage = SiweMessage(message=eip_4361_string)
message.validate():
except siwe.ValueError:
# Invalid message
print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
# e.missing_fields contains the missing information needed for validation
print("Authentication attempt rejected.")
except siwe.InvalidSignature:
print("Authentication attempt rejected.")
# Message has been validated. Authentication complete. Continue with authorization/other.
Maturity disclaimer: Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.
If you're interested in integrating Sign-In with Ethereum into your dapp, app, or service, we are more than happy to help and provide any support we can.
As we continue our work supporting Sign-In with Ethereum, we especially welcome implementers who already have users relying on similar workflows, authors of related EIPs, and wallet vendors who would like to do more to support user-owned identities to join us.
If you are interested in being involved, please join our Discord server: