A Python implementation of Sign-In with Ethereum (EIP-4361).
Project description
Sign-In with Ethereum
This package provides a Python implementation of EIP-4361: Sign In With Ethereum.
Installation
SIWE can be easily installed in any Python project with pip:
pip install siwe
Usage
SIWE provides a SiweMessage class which implements EIP-4361.
Parsing a SIWE Message
Parsing is done by initializing a SiweMessage object with an EIP-4361 formatted string:
from siwe import SiweMessage
message = SiweMessage.from_message(message=eip_4361_string)
Or to initialize a SiweMessage as a pydantic.BaseModel right away:
message = SiweMessage(domain="login.xyz", address="0x1234...", ...)
Verifying and Authenticating a SIWE Message
Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.
try:
message.verify(signature="0x...")
# You can also specify other checks (e.g. the nonce or domain expected).
except siwe.ValidationError:
# Invalid
Serialization of a SIWE Message
SiweMessage instances can also be serialized as their EIP-4361 string representations via the prepare_message method:
print(message.prepare_message())
Example
Parsing and verifying a SiweMessage is easy:
try:
message: SiweMessage = SiweMessage(message=eip_4361_string)
message.verify(signature, nonce="abcdef", domain="example.com"):
except siwe.ValueError:
# Invalid message
print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
print("Authentication attempt rejected.")
except siwe.DomainMismatch:
print("Authentication attempt rejected.")
except siwe.NonceMismatch:
print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
# e.missing_fields contains the missing information needed for validation
print("Authentication attempt rejected.")
except siwe.InvalidSignature:
print("Authentication attempt rejected.")
# Message has been verified. Authentication complete. Continue with authorization/other.
Testing
poetry install
git submodule update --init
poetry run pytest
See Also
- Sign-In with Ethereum: TypeScript
- Example SIWE application: login.xyz
- EIP-4361 Specification Draft
- EIP-191 Specification
Disclaimer
Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file siwe-4.4.0.tar.gz.
File metadata
- Download URL: siwe-4.4.0.tar.gz
- Upload date:
- Size: 14.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.12.7 Darwin/23.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5fdf843253a91d78085f1da11ed7c9695bbb743e112da658e63a285ddf3ffec7 |
|
| MD5 | 22cb68e5894e017e050fba919389652d |
|
| BLAKE2b-256 | a02053cce95942c4e7cac9020d509b88a9cf09b40443b7de8b6f44fe6e24aa26 |
File details
Details for the file siwe-4.4.0-py3-none-any.whl.
File metadata
- Download URL: siwe-4.4.0-py3-none-any.whl
- Upload date:
- Size: 10.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.12.7 Darwin/23.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3a4db2d36e10933c01d09ba0aad4db2f404e9ab2c9e9a204fa1bc1103e9d754d |
|
| MD5 | 2f6a997f6a127cd71c8c5355662f4ac9 |
|
| BLAKE2b-256 | 67713bc6d28fe362f295593f570e93db8ec84842634efc3f55612dfab51e7748 |
