Siwe-java

Siwe-java is a Java lib that implements Sign-In with Ethereum (EIP-4361).

Sign-In with Ethereum (Siwe) defines how Ethereum accounts can authenticate with off-chain services by signing a standardized plaintext message. Siwe-java provides methods to create a Siwe message from scratch, to parse existing Siwe strings and to validate its signature.

Installation

Add the following Maven dependency to your project (requires Java 17 or higher).

<dependency>
    <groupId>com.moonstoneid</groupId>
    <artifactId>siwe-java</artifactId>
    <version>1.0.7</version>
</dependency>

Usage

The following examples briefly show how to use siwe-java.

A full example can be found here.

Create new message

Create a new Siwe message from scratch and get a valid EIP-4361 string representation.

try {
    // Create new SiweMessage
    SiweMessage siwe = new SiweMessage.Builder(domain, address, uri, version, chainId, nonce, issuedAt)
        .statement(statement).build();
    
    // Create EIP-4361 string from SiweMessage
    String msg = siwe.toMessage();     
} catch (SiweException e) {
    // Handle exception
}

Parse existing message

Parse an EIP-4361 string into a Siwe message and verify its signature:

String message = "example.com wants you to sign in with your Ethereum account:\n" +
    "0xAd472fbB6781BbBDfC4Efea378ed428083541748\n\n" +
    "Sign in to use the app.\n\n" +
    "URI: https://example.com\n" +
    "Version: 1\n" +
    "Chain ID: 1\n" +
    "Nonce: EnZ3CLrm6ap78uiNE0MU\n" +
    "Issued At: 2022-06-17T22:29:40.065529400+02:00";

String signature = "0x2ce1f57908b3d1cfece352a90cec9beab0452829a0bf741d26016d60676d63" +
        "807b5080b4cc387edbe741203387ef0b8a6e79743f636512cc48c80cbb12ffa8261b";
try {
    // Parse string to SiweMessage
    SiweMessage siwe = new SiweMessage.Parser().parse(message);

    // Verify integrity of SiweMessage by matching its signature
    siwe.verify("example.com", "EnZ3CLrm6ap78uiNE0MU", signature);
} catch (SiweException e) {
    // Handle exception
}

Specification

The EIP-4361 specification can be found here.

Contributing

Please use the issue tracker to report any bugs.

If you would like to contribute code, fork the repository and send a pull request. When submitting code, please make every effort to follow existing conventions and style in order to keep the code as readable as possible.

Disclaimer

This project has not undergone any formal security audit. Use at your own risk.

Credits

Thanks to @wyc and Spruce Systems, Inc. for pushing EIP-4361 forward.

License

This project is distributed under the Apache License, Version 2.0 (see LICENSE file).

By submitting a pull request to this project, you agree to license your contribution under the Apache License, Version 2.0.