Sign-In with Ethereum - Python Library Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library:

GitHub - spruceid/siwe-py: A Python implementation of Sign-In with Ethereum

A Python implementation of Sign-In with Ethereum. Contribute to spruceid/siwe-py development by creating an account on GitHub.

GitHubspruceid

Sign-In with Ethereum can now be found and installed via pypi, and be installed in any Python project with pip:  

pip install siwe

The repository has been dual-licensed under Apache-2.0 and MIT, making it as flexible and simple as possible for developers to use in their projects.

We would love to give special thanks to Payton Garland, who helped tremendously in creating, collaborating on, and contributing to this library.

Usage

SIWE provides a SiweMessage class which implements EIP-4361.

Parsing a SIWE Message

Parsing is done by initializing a SiweMessage object with an EIP-4361 formatted string:

message: SiweMessage = SiweMessage(message=eip_4361_string)

Alternatively, initialization of a SiweMessage object can be done with a dictionary containing expected attributes:

message: SiweMessage = SiweMessage(message={"domain": "login.xyz", "address": "0x1234...", ...})

Verifying and Authenticating a SIWE Message

Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.

try: message.validate() except siwe.ValidationError: # Invalid

Serialization of a SIWE Message

SiweMessage instances can also be serialized as their EIP-4361 string representations via the sign_message method:

print(message.sign_message())

Example

Parsing and verifying a SiweMessage is easy:

try:
    message: SiweMessage = SiweMessage(message=eip_4361_string)
    message.validate():
except siwe.ValueError:
    # Invalid message
    print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
    print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
    # e.missing_fields contains the missing information needed for validation
    print("Authentication attempt rejected.")
except siwe.InvalidSignature:
    print("Authentication attempt rejected.")
    
# Message has been validated. Authentication complete. Continue with authorization/other.

Maturity disclaimer: Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.

If you're interested in integrating Sign-In with Ethereum into your dapp, app, or service, we are more than happy to help and provide any support we can.

As we continue our work supporting Sign-In with Ethereum, we especially welcome implementers who already have users relying on similar workflows, authors of related EIPs, and wallet vendors who would like to do more to support user-owned identities to join us.

If you are interested in being involved, please join our Discord server: