Sign-In with Ethereum - Ruby Library and Rails Examples Release
In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Ruby library, along with support for Rails apps.
In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Ruby library, along with support for Ruby on Rails to make SIWE available for most Rails applications.
spruceidspruceidSign-In with Ethereum can now be found and installed via gems, and be installed in any Ruby project with gem:
gem install siweThe Ruby library has been dual-licensed under Apache-2.0 and MIT, making it as flexible and simple as possible for developers to use in their projects. Additionally, the gems supporting the Rails examples have also been dual-licensed the same way.
Ruby
In order to use the library, additional packages may be required to install the gem:
macOS
brew install automake openssl libtool pkg-config gmp libffi
Linux
sudo apt-get install build-essential automake pkg-config libtool \
libffi-dev libssl-dev libgmp-dev python-dev
After installing any required dependencies SIWE can be easily installed with:
gem install siwe
Usage
SIWE provides a Message class that implements EIP-4361.
Creating a SIWE Message
require 'siwe'
require 'time'
# Only the mandatory arguments
Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1")
# Complete SIWE message with default values
Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1", {
issued_at: Time.now.utc.iso8601,
statement: "Example statement for SIWE",
nonce: Siwe::Util.generate_nonce,
chain_id: "1",
expiration_time: "",
not_before: "",
request_id: "",
resources: []
})
Parsing a SIWE Message
To parse from EIP-4361 use Siwe::Message.from_message
require 'siwe'
Siwe::Message.from_message "domain.example wants you to sign in with your Ethereum account:\n0x9D85ca56217D2bb651b00f15e694EB7E713637D4\n\nExample statement for SIWE\n\nURI: some.uri\nVersion: 1\nChain ID: 1\nNonce: k1Ne4KWzBHYEFQo8\nIssued At: 2022-02-03T20:06:19Z"
Messages can be parsed to and from JSON strings, using Siwe::Message.from_json_string and Siwe::Message.to_json_string respectively:
require 'siwe'
Siwe::Message.from_json_string "{\"domain\":\"domain.example\",\"address\":\"0x9D85ca56217D2bb651b00f15e694EB7E713637D4\",\"uri\":\"some.uri\",\"version\":\"1\",\"chain_id\":\"1\",\"nonce\":\"k1Ne4KWzBHYEFQo8\",\"issued_at\":\"2022-02-03T20:06:19Z\",\"statement\":\"Example statement for SIWE\",\"expiration_time\":\"\",\"not_before\":\"\",\"request_id\":\"\",\"resources\":[]}"
Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1").to_json_string
Verifying and Authenticating a SIWE Message
Verification and authentication are performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.
begin
message.validate(signature) # returns true if valid throws otherwise
rescue Siwe::ExpiredMessage
# Used when the message is already expired. (Expires At < Time.now)
rescue Siwe::NotValidMessage
# Used when the message is not yet valid. (Not Before > Time.now)
rescue Siwe::InvalidSignature
# Used when the signature doesn't correspond to the address of the message.
end
Serialization of a SIWE Message
Siwe::Message instances can also be serialized as their EIP-4361 string representations via the Siwe::Message.prepare_message method:
require 'siwe'
Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1").prepare_message
Example
Parsing and verifying a Siwe::Message:
require 'siwe'
begin
message = Siwe::Message.from_message "https://example.com wants you to sign in with your Ethereum account:\n0xA712a0AFBFA8656581BfA96352c9EdFc519e9cad\n\n\nURI: https://example.com\nVersion: 1\nChain ID: 1\nNonce: 9WrH24z8zpiYOoBQ\nIssued At: 2022-02-04T15:52:03Z"
message.validate "aca5e5649a357cee608ecbd1a8455b4143311381636b88a66ec7bcaf64b3a4743ff2c7cc18501a3401e182f79233dc73fc56d01506a6098d5e7e4d881bbb02921c"
puts "Congrats, your message is valid"
rescue Siwe::ExpiredMessage
# Used when the message is already expired. (Expires At < Time.now)
rescue Siwe::NotValidMessage
# Used when the message is not yet valid. (Not Before > Time.now)
rescue Siwe::InvalidSignature
# Used when the signature doesn't correspond to the address of the message.
end
Rails
Documentation on how to set up the Rails examples is now available:
.png?alt=media&token=0e89a6f5-1606-4fe9-85b1-2ec5c8fb6734)
Three Rails examples are available, along with two additional gems:
Which is a Rails gem that adds Sign-In with Ethereum local sign-in routes.
Which provides an OmniAuth strategy for Sign In With Ethereum.
The three Rails examples are:
Which shows how to manually add endpoints to generate and verify the Sign-In with Ethereum message, and handle session-based user logins on a Rails application.
Which shows how to use siwe_rails gem to set up and configure the endpoints to generate and verify a Sign-In with Ethereum message in a Rails application.
Which shows how to use and configure the omniauth-siwe provider with OmniAuth in a Rails application.
Maturity disclaimer: Our Ruby library and Rails examples for Sign-In with Ethereum have not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.
If you're interested in integrating Sign-In with Ethereum into your dapp, app, or service, we are more than happy to help and provide any support we can.
As we continue our work supporting Sign-In with Ethereum, we especially welcome implementers who already have users relying on similar workflows, authors of related EIPs, and wallet vendors who would like to do more to support user-owned identities to join us.
If you are interested in being involved, please join our Discord server:
