Spruce
  • Home
  • Twitter
  • SSX
Sign in Subscribe
Sign-In with Ethereum

Sign-In with Ethereum - Ruby Library and Rails Examples Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Ruby library, along with support for Rails apps.

  • Spruce

Spruce

Feb 24, 2022 • 4 min read
Sign-In with Ethereum - Ruby Library and Rails Examples Release

In our continued updates on additional language support for Sign-In with Ethereum, we're happy to announce the alpha release of our Ruby library, along with support for Ruby on Rails to make SIWE available for most Rails applications.

GitHub - spruceid/siwe-ruby: A ruby implementation of Sign-In with Ethereum
A ruby implementation of Sign-In with Ethereum. Contribute to spruceid/siwe-ruby development by creating an account on GitHub.
GitHubspruceid
GitHub - spruceid/siwe-rails-examples: SIWE example using Ruby on Rails with custom controller.
SIWE example using Ruby on Rails with custom controller. - GitHub - spruceid/siwe-rails-examples: SIWE example using Ruby on Rails with custom controller.
GitHubspruceid

Sign-In with Ethereum can now be found and installed via gems, and be installed in any Ruby project with gem:

gem install siwe

The Ruby library has been dual-licensed under Apache-2.0 and MIT, making it as flexible and simple as possible for developers to use in their projects. Additionally, the gems supporting the Rails examples have also been dual-licensed the same way.

Ruby

In order to use the library, additional packages may be required to install the gem:

macOS

brew install automake openssl libtool pkg-config gmp libffi

Linux

sudo apt-get install build-essential automake pkg-config libtool \
                     libffi-dev libssl-dev libgmp-dev python-dev

After installing any required dependencies SIWE can be easily installed with:

gem install siwe

Usage

SIWE provides a Message class that implements EIP-4361.

Creating a SIWE Message

require 'siwe'
require 'time'

# Only the mandatory arguments
Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1")

# Complete SIWE message with default values
Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1", {
                                   issued_at: Time.now.utc.iso8601,
                                   statement: "Example statement for SIWE",
                                   nonce: Siwe::Util.generate_nonce,
                                   chain_id: "1",
                                   expiration_time: "",
                                   not_before: "",
                                   request_id: "",
                                   resources: []
                                 })

Parsing a SIWE Message

To parse from EIP-4361 use Siwe::Message.from_message

require 'siwe'

Siwe::Message.from_message "domain.example wants you to sign in with your Ethereum account:\n0x9D85ca56217D2bb651b00f15e694EB7E713637D4\n\nExample statement for SIWE\n\nURI: some.uri\nVersion: 1\nChain ID: 1\nNonce: k1Ne4KWzBHYEFQo8\nIssued At: 2022-02-03T20:06:19Z"

Messages can be parsed to and from JSON strings, using Siwe::Message.from_json_string and Siwe::Message.to_json_string respectively:

require 'siwe'

Siwe::Message.from_json_string "{\"domain\":\"domain.example\",\"address\":\"0x9D85ca56217D2bb651b00f15e694EB7E713637D4\",\"uri\":\"some.uri\",\"version\":\"1\",\"chain_id\":\"1\",\"nonce\":\"k1Ne4KWzBHYEFQo8\",\"issued_at\":\"2022-02-03T20:06:19Z\",\"statement\":\"Example statement for SIWE\",\"expiration_time\":\"\",\"not_before\":\"\",\"request_id\":\"\",\"resources\":[]}"

Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1").to_json_string

Verifying and Authenticating a SIWE Message

Verification and authentication are performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.

begin
    message.validate(signature) # returns true if valid throws otherwise
rescue Siwe::ExpiredMessage
    # Used when the message is already expired. (Expires At < Time.now)
rescue Siwe::NotValidMessage
    # Used when the message is not yet valid. (Not Before > Time.now)
rescue Siwe::InvalidSignature
    # Used when the signature doesn't correspond to the address of the message.
end

Serialization of a SIWE Message

Siwe::Message instances can also be serialized as their EIP-4361 string representations via the Siwe::Message.prepare_message method:

require 'siwe'

Siwe::Message.new("domain.example", "0x9D85ca56217D2bb651b00f15e694EB7E713637D4", "some.uri", "1").prepare_message

Example

Parsing and verifying a Siwe::Message:

require 'siwe'

begin
    message = Siwe::Message.from_message "https://example.com wants you to sign in with your Ethereum account:\n0xA712a0AFBFA8656581BfA96352c9EdFc519e9cad\n\n\nURI: https://example.com\nVersion: 1\nChain ID: 1\nNonce: 9WrH24z8zpiYOoBQ\nIssued At: 2022-02-04T15:52:03Z"
    message.validate "aca5e5649a357cee608ecbd1a8455b4143311381636b88a66ec7bcaf64b3a4743ff2c7cc18501a3401e182f79233dc73fc56d01506a6098d5e7e4d881bbb02921c"
    puts "Congrats, your message is valid"
rescue Siwe::ExpiredMessage
    # Used when the message is already expired. (Expires At < Time.now)
rescue Siwe::NotValidMessage
    # Used when the message is not yet valid. (Not Before > Time.now)
rescue Siwe::InvalidSignature
    # Used when the signature doesn't correspond to the address of the message.
end

Rails

Documentation on how to set up the Rails examples is now available:

Rails - Sign-In with Ethereum
Examples of Integrating Sign-In with Ethereum into Rails Applications
Sign-In with Ethereum

Three Rails examples are available, along with two additional gems:

  • siwe_rails

Which is a Rails gem that adds Sign-In with Ethereum local sign-in routes.

  • omniauth-siwe

Which provides an OmniAuth strategy for Sign In With Ethereum.

The three Rails examples are:  

  • custom-controller

Which shows how to manually add endpoints to generate and verify the Sign-In with Ethereum message, and handle session-based user logins on a Rails application.

  • rails-engine

Which shows how to use siwe_rails gem to set up and configure the endpoints to generate and verify a Sign-In with Ethereum message in a Rails application.

  • omniauth-siwe

Which shows how to use and configure the omniauth-siwe provider with OmniAuth in a Rails application.


Maturity disclaimer: Our Ruby library and Rails examples for Sign-In with Ethereum have not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.


If you're interested in integrating Sign-In with Ethereum into your dapp, app, or service, we are more than happy to help and provide any support we can.

As we continue our work supporting Sign-In with Ethereum, we especially welcome implementers who already have users relying on similar workflows, authors of related EIPs, and wallet vendors who would like to do more to support user-owned identities to join us.

If you are interested in being involved, please join our Discord server:


Sign up for more like this.

Enter your email
Subscribe
Spruce Developer Update #29

Spruce Developer Update #29

At Spruce, we’re letting users control their identity and data across the web. Here’s the latest from our development efforts.
Mar 6, 2023 5 min read
Plant a Tree and Control Your Data with SSX At ETHDenver

Plant a Tree and Control Your Data with SSX At ETHDenver

We're happy to announce that we are demoing an app called SSX Quest that shows how Sign-In with Ethereum can extend user control into interactions with user-controlled data, beyond just identity.
Mar 2, 2023 6 min read
Spruce at ETHDenver 2023

Spruce at ETHDenver 2023

It’s the greatest time of year again–when thousands of developers and Web3 aficionados descend upon the mountains of Colorado for a week of Ethereum fandom, activities, events, and hackathons. ETHDenver is here and Spruce will have events, activities, bounties, talks and more.
Feb 27, 2023 5 min read
Spruce © 2023
Powered by Ghost