Sign-In With Ethereum (EIP-4361).
Wallet-based passwordless auth — the user signs a structured message in their wallet (MetaMask, WalletConnect, Coinbase Wallet, etc.), pylon recovers the signer’s Ethereum address, and that address becomes the identity.
Spec: https://eips.ethereum.org/EIPS/eip-4361
Wire flow:
- Frontend asks `/api/auth/siwe/nonce?address=0x…` → pylon generates a random nonce and stashes it server-side keyed by address (5-min expiry, single-use).
- Frontend builds the EIP-4361 message including the nonce, `domain`, `uri`, `chain_id`, etc., and asks the wallet to `personal_sign` it.
- Frontend POSTs `/api/auth/siwe/verify` with `{ message, signature }`. Pylon recovers the signer address from the signature using secp256k1 + keccak256 (the EIP-191 `personal_sign` scheme: the wallet signs keccak256 of `"\x19Ethereum Signed Message:\n" + len(message) + message`), validates the message fields (nonce matches the one issued for that address, domain match, expiry, not-before, chain_id), and mints a session keyed on `siwe:<lowercased-address>`.

Because the identity is whatever address ecrecover yields, this scheme authenticates externally owned accounts; a smart-contract wallet, whose signatures are validated on-chain via EIP-1271 rather than recovered from the signature, cannot sign in this way.
Structs§
- NonceStore - Per-address pending nonce (issued at /siwe/nonce, consumed at /siwe/verify). Single-use, 5-min TTL.
- SiweMessage - Ethereum-signed-message recovery + EIP-4361 message validation.
Functions§
- parse_message - Parse the EIP-4361 plaintext message format. Apps that need the full structured form should use this + `verify_signature` separately.
- recover_address - Recover the Ethereum address that signed `message`. Returns the lowercase 0x-prefixed form. Standalone for callers that want to compose their own validation pipeline.
- serialize_for_signing - Serialize a SIWE message back into its canonical wire form for signing. MUST be byte-identical to what the wallet hashed.
- validate_message - Validate the non-cryptographic parts of a SIWE message: domain, nonce, expiration, not-before. Use `verify` to also check the signature.
- verify - Validate the message + verify the signature, returning the recovered lowercased Ethereum address on success.
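The parse / serialize / validate / nonce-store path described in the wire flow and the function list above, as an added stand-alone example. This is not pylon's code (pylon is Rust; Python is used here so it runs without a crate build): the names `parse_message`, `serialize_for_signing`, `validate_message` and `NonceStore` mirror the items listed, while `verify_fields`, the `now` parameter (epoch seconds, injected so the TTL and expiry checks are testable) and the sample message are assumptions of this example. Signature recovery is the one step not shown, because keccak256 and secp256k1 recovery need a crypto library; the comment in `verify_fields` marks where it belongs.

```python
# Added example, not pylon's code: the non-cryptographic half of a SIWE verify
# (parse, canonical re-serialize, field checks, single-use nonce). Signature
# recovery (keccak256 + secp256k1 over the EIP-191 prefix) is left as a marked gap.
from __future__ import annotations
import re
import secrets
from dataclasses import dataclass
from datetime import datetime

HEADER = " wants you to sign in with your Ethereum account:"
ORDER = ["URI", "Version", "Chain ID", "Nonce", "Issued At",      # first five are required
         "Expiration Time", "Not Before", "Request ID"]           # spec order of the lines

SAMPLE = "\n".join([  # constructed sample; the address is a placeholder, not a real account
    "login.example.com" + HEADER, "0x" + "11" * 20, "", "Sign in to pylon.", "",
    "URI: https://login.example.com/", "Version: 1", "Chain ID: 1", "Nonce: 32891756",
    "Issued At: 2021-09-30T16:25:24Z", "Expiration Time: 2021-09-30T16:30:24Z",
    "Resources:", "- https://example.com/my-web2-claim.json"])

@dataclass
class SiweMessage:
    domain: str                # may include "scheme://"; compared verbatim
    address: str               # 0x + 40 hex chars, case exactly as signed
    statement: str | None
    fields: dict[str, str]     # label -> value for the "Key: value" lines
    resources: list[str]

def parse_message(text: str) -> SiweMessage:
    """Strict parse of the EIP-4361 plaintext form; any deviation raises ValueError."""
    lines = text.split("\n")
    if (len(lines) < 9 or not lines[0].endswith(HEADER) or lines[2] != ""
            or not re.fullmatch(r"0x[0-9a-fA-F]{40}", lines[1])):
        raise ValueError("bad header or address lines")
    statement, i = (None, 4) if lines[3] == "" else (lines[3], 5)   # statement is optional
    if lines[i - 1] != "":
        raise ValueError("expected blank line before URI")
    fields, resources = {}, []
    while i < len(lines):
        line, i = lines[i], i + 1
        if line == "Resources:":
            if any(not r.startswith("- ") for r in lines[i:]):
                raise ValueError("bad resource line")
            resources = [r[2:] for r in lines[i:]]
            break
        key, sep, value = line.partition(": ")
        if not sep or key not in ORDER or key in fields:
            raise ValueError(f"unexpected line {line!r}")
        fields[key] = value
    if any(k not in fields for k in ORDER[:5]):
        raise ValueError("missing required field")
    return SiweMessage(lines[0][: -len(HEADER)], lines[1], statement, fields, resources)

def serialize_for_signing(m: SiweMessage) -> str:
    """Canonical wire form; must be byte-identical to what the wallet hashed."""
    out = [m.domain + HEADER, m.address, ""]
    if m.statement is not None:
        out.append(m.statement)
    out += [""] + [f"{k}: {m.fields[k]}" for k in ORDER if k in m.fields]
    if m.resources:
        out += ["Resources:"] + [f"- {r}" for r in m.resources]
    return "\n".join(out)

def validate_message(m: SiweMessage, domain: str, chain_id: int, now: float) -> None:
    """Non-cryptographic checks: domain, chain_id, expiry, not-before (nonce is the store's job)."""
    ts = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00")).timestamp()
    if m.domain != domain or int(m.fields["Chain ID"]) != chain_id:
        raise ValueError("domain or chain_id mismatch")
    if "Expiration Time" in m.fields and now >= ts(m.fields["Expiration Time"]):
        raise ValueError("message expired")
    if "Not Before" in m.fields and now < ts(m.fields["Not Before"]):
        raise ValueError("message not yet valid")

class NonceStore:
    """Per-address pending nonce: single-use, 5-minute TTL, replaced on re-issue."""
    def __init__(self) -> None:
        self._pending: dict[str, tuple[str, float]] = {}

    def issue(self, address: str, now: float) -> str:
        nonce = secrets.token_hex(16)   # 32 alphanumeric chars; the spec minimum is 8
        self._pending[address.lower()] = (nonce, now + 300.0)
        return nonce

    def consume(self, address: str, nonce: str, now: float) -> bool:
        # Popped on any attempt, so a wrong guess also burns the nonce (single-use).
        expected, deadline = self._pending.pop(address.lower(), ("", 0.0))
        return now < deadline and secrets.compare_digest(expected, nonce)

def verify_fields(text: str, store: NonceStore, domain: str, chain_id: int, now: float) -> str:
    """Everything `verify` does except signature recovery; returns the lowercased address."""
    m = parse_message(text)
    if serialize_for_signing(m) != text:
        raise ValueError("message is not in canonical EIP-4361 form")
    validate_message(m, domain, chain_id, now)
    if not store.consume(m.address, m.fields["Nonce"], now):
        raise ValueError("nonce unknown, expired, reused, or issued to another address")
    # Gap: recover the signer over "\x19Ethereum Signed Message:\n" + len + text, require
    # it to equal m.address, then mint the "siwe:<address>" session.
    return m.address.lower()
```

Two design points worth noting. First, `verify_fields` re-serializes the parsed message and requires the bytes to equal what was POSTed: the signature covers the raw text, so any message the parser would accept but render differently (reordered fields, stray lines) is rejected before it can be bound to a session. Second, `NonceStore.consume` pops the entry on every attempt and looks it up by the address in the message, so a nonce issued to one address cannot be replayed by another and a failed verify burns the nonce rather than leaving it available for a retry.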