This package provides a Python implementation of EIP-4361: Sign In With Ethereum.
SIWE can be easily installed in any Python project with pip:
pip install siwe
SIWE provides a SiweMessage class which implements EIP-4361.
Parsing is done by initializing a SiweMessage object with an EIP-4361 formatted string:
from siwe import SiweMessage
message = SiweMessage.from_message(message=eip_4361_string)
Or to initialize a SiweMessage as a pydantic.BaseModel right away:
message = SiweMessage(domain="login.xyz", address="0x1234...", ...)
Verification and authentication is performed via EIP-191, using the address field of the SiweMessage as the expected signer. The validate method checks message structural integrity, signature address validity, and time-based validity attributes.
try:
message.verify(signature="0x...")
# You can also specify other checks (e.g. the nonce or domain expected).
except siwe.ValidationError:
# Invalid
SiweMessage instances can also be serialized as their EIP-4361 string representations via the prepare_message method:
print(message.prepare_message())
Parsing and verifying a SiweMessage is easy:
try:
message: SiweMessage = SiweMessage(message=eip_4361_string)
message.verify(signature, nonce="abcdef", domain="example.com"):
except siwe.ValueError:
# Invalid message
print("Authentication attempt rejected.")
except siwe.ExpiredMessage:
print("Authentication attempt rejected.")
except siwe.DomainMismatch:
print("Authentication attempt rejected.")
except siwe.NonceMismatch:
print("Authentication attempt rejected.")
except siwe.MalformedSession as e:
# e.missing_fields contains the missing information needed for validation
print("Authentication attempt rejected.")
except siwe.InvalidSignature:
print("Authentication attempt rejected.")
# Message has been verified. Authentication complete. Continue with authorization/other.
poetry install
git submodule update --init
poetry run pytest
Our Python library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.
FAQs
A Python implementation of Sign-In with Ethereum (EIP-4361).
We found that siwe demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.