A Python implementation of Sign-In with Ethereum (EIP-4361).

These details have not been verified by PyPI

Project links

Project description

Sign-In with Ethereum

This package provides a Python implementation of EIP-4631: Sign In With Ethereum.

Installation

SIWE can be easily installed in any Python project with pip:

pip install siwe

Usage

SIWE provides a SiweMessage class which implements EIP-4361.

Parsing a SIWE Message

Parsing is done by initializing a SiweMessage object with an EIP-4361 formatted string:

from siwe import SiweMessage
message: SiweMessage = SiweMessage(message=eip_4361_string)

Alternatively, initialization of a SiweMessage object can be done with a dictionary containing expected attributes:

message: SiweMessage = SiweMessage(message={"domain": "login.xyz", "address": "0x1234...", ...})

Verifying and Authenticating a SIWE Message

Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.

try:
    message.verify(signature="0x...")
    # You can also specify other checks (e.g. the nonce or domain expected).
except siwe.ValidationError:
    # Invalid

Serialization of a SIWE Message

SiweMessage instances can also be serialized as their EIP-4361 string representations via the prepare_message method:

print(message.prepare_message())

Example

Parsing and verifying a SiweMessage is easy:

try:
    message: SiweMessage = SiweMessage(message=eip_4361_string)
    message.verify(signature, nonce="abcdef", domain="example.com"):
except siwe.ValueError:
    # Invalid message
    print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
    print("Authentication attempt rejected.")
except siwe.DomainMismatch:
    print("Authentication attempt rejected.")
except siwe.NonceMismatch:
    print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
    # e.missing_fields contains the missing information needed for validation
    print("Authentication attempt rejected.")
except siwe.InvalidSignature:
    print("Authentication attempt rejected.")

# Message has been verified. Authentication complete. Continue with authorization/other.

Testing

poetry install
git submodule update --init
poetry run pytest

Disclaimer

Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

4.4.0

Oct 11, 2024

4.3.0

Oct 8, 2024

4.2.0

Jul 22, 2024

4.1.0

May 8, 2024

4.0.0

Apr 29, 2024

3.0.0

Apr 29, 2024

2.4.1

Jan 4, 2024

2.4.0

Aug 23, 2023

2.3.0

Aug 21, 2023

This version

2.2.0

Mar 28, 2023

2.1.1

Nov 1, 2022

2.1.0

Oct 6, 2022

2.0.0

May 9, 2022

1.0.1

Feb 21, 2022

1.0.0

Feb 1, 2022

0.1.2

Jan 12, 2022

0.1.1

Jan 11, 2022

0.1.0

Jan 10, 2022

0.0.1

Jan 7, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

siwe-2.2.0.tar.gz (13.0 kB view hashes)

Uploaded Mar 28, 2023 Source

Built Distribution

siwe-2.2.0-py3-none-any.whl (9.4 kB view hashes)

Uploaded Mar 28, 2023 Python 3

Hashes for siwe-2.2.0.tar.gz

Hashes for siwe-2.2.0.tar.gz
Algorithm	Hash digest
SHA256	`f657d1710204f4c2037922070d55ef69c2b0165898a38d53033953ff0f5a67c9`
MD5	`6cf02131327f0383a509d3e33f6bcb19`
BLAKE2b-256	`90f4766252f7a33705ee213d838a2a73ddd651776dd24e6552848400bb8a757e`

Hashes for siwe-2.2.0-py3-none-any.whl

Hashes for siwe-2.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2a5f829ebd4d009d75958ae4a4a648dfaedb6081afed0d84d631f1acacb475e4`
MD5	`67446a89b776e6f111511467e476891f`
BLAKE2b-256	`1249036c79c9e856ec2edcea2c0b104daf86339d6bf3d9b504216c6667c824fb`