AppKit provides a simple solution for integrating with “Sign In With Ethereum” (SIWE), a new form of authentication that enables users to control their digital identity with their Ethereum account. SIWE is a standard also known as EIP-4361.
SIWE is being migrated to SIWX. We recommend using SIWX (Sign In With X) for new implementations as it provides multichain authentication support. For existing SIWE implementations, see the migration guide.
One-Click Auth represents a key advancement within WalletConnect v2, streamlining the user authentication process in AppKit by enabling users to seamlessly connect with a wallet and sign a SIWE message with just one click. It supports both EIP-1271, the standard for signature validation in smart accounts, and EIP-6492, which enables signature validation for smart accounts (contracts) that are not yet deployed, allowing messages to be signed without requiring prior deployment.
Connecting a wallet, proving control of an address with an off-chain signature, authorizing specific actions. These are the kinds of authorizations that can be encoded as “ReCaps”. ReCaps are permissions for a specific website or dapp that can be compactly encoded as a long string in the message you sign and translated by any wallet into a straightforward one-sentence summary. WalletConnect uses permissions expressed as ReCaps to enable One-Click Authentication.
NextAuth is a complete open-source authentication solution for Next.js applications. It is designed from the ground up to support Next.js and Serverless. We can use NextAuth with SIWE to handle user authentication and sessions.
Install the AppKit SIWE package. We also recommend installing siwe, which abstracts much of the required logic.
Check the Next.js example using NextAuth
verifySignature
Verify a SIWE signature.
getChainIdFromMessage
Get the chain ID from the SIWE message.
getAddressFromMessage
Get the address from the SIWE message.
With the help of the siwe package, we will create the required configuration for AppKit.
The nonce and verification process will be implemented in your backend. Read more.
Let’s create a file to instantiate our SIWE configuration. For this example we will use config/siwe.ts.
Add NEXTAUTH_SECRET as an environment variable; it will be used to encrypt and decrypt user sessions. Learn more.
Create your API route at app/api/auth/[...nextauth]/route.ts.
siweConfig
The getNonce method functions as a safeguard against spoofing, akin to a CSRF token. The siwe package provides a generateNonce() helper, or you can utilize an existing CSRF token from your backend if available.
The official siwe package offers a straightforward method for generating an EIP-4361-compatible message, which can subsequently be authenticated using the same package. The nonce parameter is derived from your getNonce endpoint, while the address and chainId variables are sourced from the presently connected wallet.
The verifyMessage method should lean on the siwe package’s new to ensure the message is valid, has not been tampered with, and has been appropriately signed by the wallet address.
The backend session should store the associated address and chainId and return them via the getSession method.
The user's session can be destroyed by calling signOut.
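An added example (not from the AppKit docs or the siwe package) of the server-side checks that surround signature verification in verifyMessage: parsing the EIP-4361 text, binding it to the expected domain and chain, and consuming the nonce so a captured message cannot be replayed. The function names, the in-memory nonce map and the sample message are assumptions made for illustration; signature recovery itself is left to the siwe package and is not reimplemented here.

```javascript
// Added example: server-side checks around SIWE signature verification.
// Signature recovery (EOA, EIP-1271, EIP-6492) is left to a library and is not shown.
const HEADER = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;
const FIELD = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/;

// Parse the EIP-4361 text form into the fields the backend has to check.
function parseSiweMessage(text) {
  const lines = text.split('\n');
  const header = HEADER.exec(lines[0] || '');
  if (!header) throw new Error('bad header line');
  if (!/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '')) throw new Error('bad address');
  // Layout: header, address, blank, optional one-line statement, blank, fields.
  const start = lines[3] === '' ? 4 : 5;
  if (lines[2] !== '' || lines[start - 1] !== '') throw new Error('bad layout');
  const f = {};
  for (const line of lines.slice(start)) {
    const m = FIELD.exec(line);
    if (m && !(m[1] in f)) f[m[1]] = m[2]; // first occurrence wins
  }
  if (f['Version'] !== '1') throw new Error('unsupported version');
  if (!/^[0-9]+$/.test(f['Chain ID'] || '')) throw new Error('bad chain id');
  if (!/^[a-zA-Z0-9]{8,}$/.test(f['Nonce'] || '')) throw new Error('bad nonce');
  return { domain: header[1], address: lines[1], chainId: Number(f['Chain ID']),
           nonce: f['Nonce'], expirationTime: f['Expiration Time'] };
}

// `expected` is this server's own configuration; `nonces` maps each nonce the
// backend issued to its expiry in ms (a hypothetical in-memory store).
function checkSiweMessage(text, expected, nonces, now = Date.now()) {
  const msg = parseSiweMessage(text);
  if (msg.domain !== expected.domain) return { ok: false, reason: 'domain mismatch' };
  if (!expected.chainIds.includes(msg.chainId)) return { ok: false, reason: 'chain not allowed' };
  if (msg.expirationTime && Date.parse(msg.expirationTime) <= now)
    return { ok: false, reason: 'message expired' };
  const nonceExpiry = nonces.get(msg.nonce);
  nonces.delete(msg.nonce); // single use: a replayed message finds no nonce
  if (nonceExpiry === undefined) return { ok: false, reason: 'unknown or reused nonce' };
  if (nonceExpiry <= now) return { ok: false, reason: 'nonce expired' };
  return { ok: true, address: msg.address, chainId: msg.chainId };
}

// Constructed sample message (address, domain and nonce are made up).
const SAMPLE = [
  'app.example wants you to sign in with your Ethereum account:',
  '0x1111111111111111111111111111111111111111',
  '', 'Sign in to the example app.', '',
  'URI: https://app.example', 'Version: 1', 'Chain ID: 1',
  'Nonce: 8f3a9c2b7d1e4f60', 'Issued At: 2024-01-01T00:00:00Z',
].join('\n');
```

Only the address and chainId returned by a successful check, together with a valid signature over the same message, should be written into the session that getSession returns.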
(session?: SIWESession) => void
Callback when user signs in.
() => void
Callback when user signs out.
boolean - defaults to true
Whether or not to enable SIWE. Defaults to true.
number - defaults to 300000 ms (5 minutes)
How often to refetch the nonce, in milliseconds.
number - defaults to 300000 ms (5 minutes)
How often to refetch the session, in milliseconds.
boolean - defaults to true
Whether or not to sign out when the user disconnects their wallet.
boolean - defaults to true
Users will be signed out and redirected to the SIWE view to sign a new message in order to keep the SIWE session in sync with the connected account.
boolean - defaults to true
Users will be signed out and redirected to the SIWE view to sign a new message in order to keep the SIWE session in sync with the connected account/network.