This package provides a Python implementation of EIP-4361: Sign In With Ethereum.
SIWE can be easily installed in any Python project with pip:
pip install siwe
SIWE provides a SiweMessage
class which implements EIP-4361.
Parsing is done by initializing a SiweMessage
object with an EIP-4361 formatted string:
from siwe import SiweMessage
message: SiweMessage = SiweMessage(message=eip_4361_string)
Alternatively, initialization of a SiweMessage
object can be done with a dictionary containing expected attributes:
message: SiweMessage = SiweMessage(message={"domain": "login.xyz", "address": "0x1234...", ...})
Verification and authentication is performed via EIP-191, using the address
field of the SiweMessage
as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.
try:
message.verify(signature="0x...")
# You can also specify other checks (e.g. the nonce or domain expected).
except siwe.ValidationError:
# Invalid
SiweMessage
instances can also be serialized as their EIP-4361 string representations via the prepare_message
method:
print(message.prepare_message())
Parsing and verifying a SiweMessage
is easy:
try:
message: SiweMessage = SiweMessage(message=eip_4361_string)
message.verify(signature, nonce="abcdef", domain="example.com"):
except siwe.ValueError:
# Invalid message
print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
print("Authentication attempt rejected.")
except siwe.DomainMismatch:
print("Authentication attempt rejected.")
except siwe.NonceMismatch:
print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
# e.missing_fields contains the missing information needed for validation
print("Authentication attempt rejected.")
except siwe.InvalidSignature:
print("Authentication attempt rejected.")
# Message has been verified. Authentication complete. Continue with authorization/other.
poetry install
git submodule update --init
poetry run pytest
- Sign-In with Ethereum: TypeScript
- Example SIWE application: login.xyz
- EIP-4361 Specification Draft
- EIP-191 Specification
Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.