Spruce
  • Home
Subscribe
Sign-In with Ethereum

Sign-In with Ethereum - Python Library Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library.

  • Spruce

Spruce

Jan 19, 2022 • 2 min read
Sign-In with Ethereum - Python Library Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Python library:

GitHub - spruceid/siwe-py: A Python implementation of Sign-In with Ethereum
A Python implementation of Sign-In with Ethereum. Contribute to spruceid/siwe-py development by creating an account on GitHub.
GitHubspruceid

Sign-In with Ethereum can now be found and installed via pypi, and be installed in any Python project with pip:  

pip install siwe

The repository has been dual-licensed under Apache-2.0 and MIT, making it as flexible and simple as possible for developers to use in their projects.

We would love to give special thanks to Payton Garland, who helped tremendously in creating, collaborating on, and contributing to this library.


Usage

SIWE provides a SiweMessage class which implements EIP-4361.

Parsing a SIWE Message

Parsing is done by initializing a SiweMessage object with an EIP-4361 formatted string:

message: SiweMessage = SiweMessage(message=eip_4361_string)

Alternatively, initialization of a SiweMessage object can be done with a dictionary containing expected attributes:

message: SiweMessage = SiweMessage(message={"domain": "login.xyz", "address": "0x1234...", ...})

Verifying and Authenticating a SIWE Message

Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.

try: message.validate() except siwe.ValidationError: # Invalid

Serialization of a SIWE Message

SiweMessage instances can also be serialized as their EIP-4361 string representations via the sign_message method:

print(message.sign_message())

Example

Parsing and verifying a SiweMessage is easy:

try:
    message: SiweMessage = SiweMessage(message=eip_4361_string)
    message.validate():
except siwe.ValueError:
    # Invalid message
    print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
    print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
    # e.missing_fields contains the missing information needed for validation
    print("Authentication attempt rejected.")
except siwe.InvalidSignature:
    print("Authentication attempt rejected.")
    
# Message has been validated. Authentication complete. Continue with authorization/other.

Maturity disclaimer: Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.


If you're interested in integrating Sign-In with Ethereum into your dapp, app, or service, we are more than happy to help and provide any support we can.

As we continue our work supporting Sign-In with Ethereum, we especially welcome implementers who already have users relying on similar workflows, authors of related EIPs, and wallet vendors who would like to do more to support user-owned identities to join us.

If you are interested in being involved, please join our Discord server:

Sign up for more like this.

Enter your email
Subscribe
Presentation: Extending Sign-In with Ethereum - CASA Gathering 2022

Presentation: Extending Sign-In with Ethereum - CASA Gathering 2022

During the initial part of the CASA unconference, we had a chance to present on extending Sign-In with Ethereum, and what the future of authentication looks like. Wayne's talk and an overview of the topics covered can be found here.

  • Rocco
Rocco May 12, 2022 • 2 min read
Spruce Developer Update #19

Spruce Developer Update #19

At Spruce, we’re letting users control their identity and data across the web. Here’s the latest from our development efforts across Sign-In with Ethereum, Kepler, and SpruceID.

  • Spruce
Spruce May 4, 2022 • 3 min read
Sign-In with Ethereum Digest - April

Sign-In with Ethereum Digest - April

Sign-In with Ethereum offers a new self-custodial option for users who wish to assume more control and responsibility over their own digital identity.

  • Spruce
Spruce May 2, 2022 • 4 min read
Spruce © 2022
Powered by Ghost