Sign In With Ethereum
Web3Modal SDK provides a simple solution for integrating with "Sign In With Ethereum" (SIWE), a new form of authentication that enables users to control their digital identity with their Ethereum account. SIWE is a standard also known as EIP-4361.
NextAuth
NextAuth is a complete open-source authentication solution for Next.js applications. It is designed from the ground up to support Next.js and Serverless. We can use NextAuth with SIWE to handle user authentication and sessions.
Installation
Install the Web3Modal SIWE package. We also recommend installing siwe and next-auth.
- npm: npm i @web3modal/siwe siwe next-auth
- Yarn: yarn add @web3modal/siwe siwe next-auth
- Bun: bun a @web3modal/siwe siwe next-auth
- pnpm: pnpm add @web3modal/siwe siwe next-auth
Configure your SIWE Client
Let's create a file to instantiate our SIWE configuration. For this example we will use config/siwe.ts.
import { getCsrfToken, signIn, signOut, getSession } from 'next-auth/react'
import { SiweMessage } from 'siwe'
import type { SIWEVerifyMessageArgs, SIWECreateMessageArgs } from '@web3modal/siwe'
import { createSIWEConfig } from '@web3modal/siwe'

export const siweConfig = createSIWEConfig({
  createMessage: ({ nonce, address, chainId }: SIWECreateMessageArgs) =>
    new SiweMessage({
      version: '1',
      domain: window.location.host,
      uri: window.location.origin,
      address,
      chainId,
      nonce,
      // Human-readable ASCII assertion that the user will sign, and it must not contain `\n`.
      statement: 'Sign in With Ethereum.'
    }).prepareMessage(),
  getNonce: async () => {
    const nonce = await getCsrfToken()
    if (!nonce) {
      throw new Error('Failed to get nonce!')
    }
    return nonce
  },
  getSession,
  verifyMessage: async ({ message, signature }: SIWEVerifyMessageArgs) => {
    try {
      const success = await signIn('credentials', {
        message,
        redirect: false,
        signature,
        callbackUrl: '/protected'
      })
      return Boolean(success?.ok)
    } catch (error) {
      return false
    }
  },
  signOut: async () => {
    try {
      await signOut({
        redirect: false
      })
      return true
    } catch (error) {
      return false
    }
  }
})
Initialize Web3Modal with your siweConfig
import { siweConfig } from '@/config/siwe'

createWeb3Modal({
  siweConfig,
  wagmiConfig, // or ethersConfig
  projectId,
  chains
})
Set up your API route
Add NEXTAUTH_SECRET as an environment variable; it will be used to encrypt and decrypt user sessions.
Create your API route at api/auth/[...nextauth]/route.ts inside the app directory.
import { NextAuthOptions } from 'next-auth'
import credentialsProvider from 'next-auth/providers/credentials'
import { getCsrfToken } from 'next-auth/react'
import NextAuth from 'next-auth/next'
import type { SIWESession } from '@web3modal/siwe'
import { SiweMessage } from 'siwe'

declare module 'next-auth' {
  interface Session extends SIWESession {
    address: string
    chainId: number
  }
}

const nextAuthSecret = process.env.NEXTAUTH_SECRET
if (!nextAuthSecret) {
  throw new Error('NEXTAUTH_SECRET is not set')
}
// Get your projectId on https://cloud.walletconnect.com
const projectId = process.env.NEXT_PUBLIC_PROJECT_ID
if (!projectId) {
  throw new Error('NEXT_PUBLIC_PROJECT_ID is not set')
}

const authOptions: NextAuthOptions = {
  // https://next-auth.js.org/configuration/providers/oauth
  secret: nextAuthSecret,
  providers: [
    credentialsProvider({
      name: 'Ethereum',
      credentials: {
        message: {
          label: 'Message',
          type: 'text',
          placeholder: '0x0'
        },
        signature: {
          label: 'Signature',
          type: 'text',
          placeholder: '0x0'
        }
      },
      async authorize(credentials, req) {
        try {
          if (!credentials?.message) {
            throw new Error('SiweMessage is undefined')
          }
          const siwe = new SiweMessage(credentials.message)
          const nonce = await getCsrfToken({ req: { headers: req.headers } })
          const result = await siwe.verify({
            signature: credentials?.signature || '',
            nonce
          })
          if (result.success) {
            return {
              id: `eip155:${siwe.chainId}:${siwe.address}`
            }
          }
          return null
        } catch (e) {
          return null
        }
      }
    })
  ],
  session: {
    strategy: 'jwt'
  },
  callbacks: {
    session({ session, token }) {
      if (!token.sub) {
        return session
      }
      const [, chainId, address] = token.sub.split(':')
      if (chainId && address) {
        session.address = address
        session.chainId = parseInt(chainId, 10)
      }
      return session
    }
  }
}

const handler = NextAuth(authOptions)
export { handler as GET, handler as POST }
SIWE Config reference
interface SIWEConfig {
  // Required
  getNonce: () => Promise<string>
  createMessage: (args: SIWECreateMessageArgs) => string
  verifyMessage: (args: SIWEVerifyMessageArgs) => Promise<boolean>
  getSession: () => Promise<SIWESession | null>
  signOut: () => Promise<boolean>
  // Optional
  onSignIn?: (session?: SIWESession) => void
  onSignOut?: () => void
  // Defaults to true
  enabled?: boolean
  // In milliseconds, defaults to 5 minutes
  nonceRefetchIntervalMs?: number
  // In milliseconds, defaults to 5 minutes
  sessionRefetchIntervalMs?: number
  // Defaults to true
  signOutOnDisconnect?: boolean
  // Defaults to true
  signOutOnAccountChange?: boolean
  // Defaults to true
  signOutOnNetworkChange?: boolean
}
Required
getNonce
The getNonce method functions as a safeguard against spoofing, akin to a CSRF token. The siwe package provides a generateNonce() helper, or you can utilize an existing CSRF token from your backend if available.
createMessage
The official siwe package offers a straightforward method for generating an EIP-4361-compatible message, which can subsequently be authenticated using the same package. The nonce parameter is derived from your getNonce endpoint, while the address and chainId variables are sourced from the presently connected wallet.
verifyMessage
The verifyMessage method should lean on the siwe package's new SiweMessage(message).validate(signature) to ensure the message is valid, has not been tampered with, and has been appropriately signed by the wallet address.
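As an added example (not part of the Web3Modal documentation or the siwe package), the code below shows field checks a server can run in authorize() next to siwe.verify(): that the signed domain, URI, nonce, version and chain ID are the ones the server expects, and that any expiration time has not passed. The names SiwePolicy, parseSiweFields and checkSiweFields and the sample message are assumptions made for illustration; signature verification itself is still left to siwe.

```typescript
// Added example; SiwePolicy, parseSiweFields and checkSiweFields are hypothetical names.
interface SiwePolicy {
  domain: string            // host the app is served from
  origin: string            // scheme + host, what createMessage puts in `uri`
  nonce: string             // nonce the server issued for this browser session
  allowedChainIds: number[]
  now: Date
}

// Simplified reader for the EIP-4361 text layout: header line, address, then "Key: value" lines.
function parseSiweFields(message: string): Record<string, string> {
  const lines = message.split('\n')
  const header = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0] ?? '')
  const fields: Record<string, string> = { domain: header?.[1] ?? '', address: lines[1] ?? '' }
  // Real fields come after the statement, so a later line overwrites a look-alike inside it.
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/.exec(line)
    if (m && m[1] && m[2]) fields[m[1]] = m[2]
  }
  return fields
}

// Returns the list of policy violations; an empty list means the fields are acceptable.
function checkSiweFields(message: string, policy: SiwePolicy): string[] {
  const f = parseSiweFields(message)
  const problems: string[] = []
  if (f['domain'] !== policy.domain) problems.push('domain mismatch')
  if (f['URI'] !== policy.origin) problems.push('uri mismatch')
  if (f['Version'] !== '1') problems.push('unsupported version')
  if (f['Nonce'] !== policy.nonce) problems.push('nonce mismatch')
  if (!policy.allowedChainIds.includes(Number(f['Chain ID']))) problems.push('chain not allowed')
  const exp = f['Expiration Time']
  if (exp !== undefined && !(Date.parse(exp) > policy.now.getTime())) problems.push('expired or invalid expiration')
  return problems
}

// Constructed sample message (placeholder address and nonce).
const sampleMessage = [
  'app.example wants you to sign in with your Ethereum account:',
  '0x0000000000000000000000000000000000000001',
  '',
  'Sign in With Ethereum.',
  '',
  'URI: https://app.example',
  'Version: 1',
  'Chain ID: 1',
  'Nonce: 8f3b2c1d9e7a6b54',
  'Issued At: 2024-01-01T00:00:00.000Z'
].join('\n')
```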
getSession
The backend session should store the associated address and chainId and return it via the getSession method.
signOut
The user's session can be destroyed by calling signOut.
Optional
onSignIn (session?: SIWESession) => void
Callback when user signs in.
onSignOut () => void
Callback when user signs out.
enabled boolean - defaults to true
Whether or not to enable SIWE. Defaults to true.
nonceRefetchIntervalMs number - defaults to 300000 ms (5 minutes)
How often to refetch the nonce, in milliseconds.
sessionRefetchIntervalMs number - defaults to 300000 ms (5 minutes)
How often to refetch the session, in milliseconds.
signOutOnDisconnect boolean - defaults to true
Whether or not to sign out when the user disconnects their wallet.
signOutOnAccountChange boolean - defaults to true
Users will be signed out and redirected to the SIWE view to sign a new message in order to keep the SIWE session in sync with the connected account.
signOutOnNetworkChange boolean - defaults to true
Users will be signed out and redirected to the SIWE view to sign a new message in order to keep the SIWE session in sync with the connected account/network.