Spruce
  • Home
  • Twitter
  • SSX
Sign in Subscribe
Sign-In with Ethereum

Sign-In with Ethereum - Python Library Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library.

  • Spruce

Spruce

Jan 19, 2022 • 2 min read
Sign-In with Ethereum - Python Library Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library:

GitHub - spruceid/siwe-py: A Python implementation of Sign-In with Ethereum
A Python implementation of Sign-In with Ethereum. Contribute to spruceid/siwe-py development by creating an account on GitHub.
GitHubspruceid

Sign-In with Ethereum can now be found and installed via pypi, and be installed in any Python project with pip:  

pip install siwe

The repository has been dual-licensed under Apache-2.0 and MIT, making it as flexible and simple as possible for developers to use in their projects.

We would love to give special thanks to Payton Garland, who helped tremendously in creating, collaborating on, and contributing to this library.


Usage

SIWE provides a SiweMessage class which implements EIP-4361.

Parsing a SIWE Message

Parsing is done by initializing a SiweMessage object with an EIP-4361 formatted string:

message: SiweMessage = SiweMessage(message=eip_4361_string)

Alternatively, initialization of a SiweMessage object can be done with a dictionary containing expected attributes:

message: SiweMessage = SiweMessage(message={"domain": "login.xyz", "address": "0x1234...", ...})

Verifying and Authenticating a SIWE Message

Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.

try: message.validate() except siwe.ValidationError: # Invalid

Serialization of a SIWE Message

SiweMessage instances can also be serialized as their EIP-4361 string representations via the sign_message method:

print(message.sign_message())

Example

Parsing and verifying a SiweMessage is easy:

try:
    message: SiweMessage = SiweMessage(message=eip_4361_string)
    message.validate():
except siwe.ValueError:
    # Invalid message
    print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
    print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
    # e.missing_fields contains the missing information needed for validation
    print("Authentication attempt rejected.")
except siwe.InvalidSignature:
    print("Authentication attempt rejected.")
    
# Message has been validated. Authentication complete. Continue with authorization/other.

Maturity disclaimer: Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.


If you're interested in integrating Sign-In with Ethereum into your dapp, app, or service, we are more than happy to help and provide any support we can.

As we continue our work supporting Sign-In with Ethereum, we especially welcome implementers who already have users relying on similar workflows, authors of related EIPs, and wallet vendors who would like to do more to support user-owned identities to join us.

If you are interested in being involved, please join our Discord server:

Sign up for more like this.

Enter your email
Subscribe
Future State: Consumer Data Online

Future State: Consumer Data Online

Self-sovereign identity gives users the ability to store and manage their own identity and data online. This new identity layer of the internet will fundamentally shift the relationship that users have with the applications and services they interact with.
Feb 2, 2023 6 min read
Tutorial: Build a Basic Token-Gated App with SSX, RainbowKit, and Alchemy

Tutorial: Build a Basic Token-Gated App with SSX, RainbowKit, and Alchemy

This example will show developers how to build and enable token-gated access in their dapp with SSX based on holding an ENS name. Additionally, it will show a developer how to also use SSX with RainbowKit and Alchemy.
Feb 1, 2023 7 min read
Future State: Digital Credentials for Healthcare

Future State: Digital Credentials for Healthcare

Digital credentials and self-sovereign identity have the potential to revolutionize the healthcare industry by providing a more secure and efficient way to store and share important health information.
Jan 26, 2023 6 min read
Spruce © 2023
Powered by Ghost