Skip to content

feat: add sign in with ethereum #2069

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Jul 24, 2025
Merged

feat: add sign in with ethereum #2069

merged 15 commits into from
Jul 24, 2025

Conversation

Bewinxed
Copy link
Collaborator

@Bewinxed Bewinxed commented Jul 1, 2025
edited by hf
Loading

Adds Sign in with Ethereum. Configure it by:

GOTRUE_EXTERNAL_WEB3_ETHEREUM_ENABLED="true"
GOTRUE_EXTERNAL_WEB3_ETHEREUM_MAXIMUM_VALIDITY_DURATION="10m"

SIWS & SIWE are based off of EIP-4361, which is referenced here: https://eips.ethereum.org/EIPS/eip-4361, so they are close in implementation with slight differences between address/signature verification format & algorithm.

For Ethereum, specifically the signature verification part, It requires recovering the public address from the signature, and then testing the signature against it, with the algorithm Ethereum uses, this is tedious to implement without using the https://github.com/ethereum/go-ethereum package, as the verification has some error correction that it does, would be hard to test/maintain without the dependency, let me know what you think.

hf
hf reviewed Jul 7, 2025
View reviewed changes
hf
hf reviewed Jul 7, 2025
View reviewed changes
hf
hf reviewed Jul 7, 2025
View reviewed changes
hf
hf reviewed Jul 7, 2025
View reviewed changes
@Bewinxed Bewinxed mentioned this pull request Jul 13, 2025
Merged
hf
hf approved these changes Jul 16, 2025
View reviewed changes
Copy link
Contributor

@hf hf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just beautiful!

Bewinxed and others added 13 commits July 16, 2025 09:51
@Bewinxed
feat-wip: implement Sign-In with Ethereum (SIWE) authentication support
646ac50
@Bewinxed
feat: add signature verification panic messages and generate test cas…
b3baa62 
…es for SIWE messages
@Bewinxed
feat (wip): add SIWE to the web3 handler
d27fb56
@Bewinxed
feat (wip): SIWE
b1b3e2b 
- Fix Nil date validation.
- Fix remaining web3 tests.
- Add ethereum enum/example to openapi.yml
@Bewinxed
feat: SIWE, Backend Implementation:
5d3ba8b 
- Added Ethereum config to example.env
@Bewinxed
make SIWE timestamp validation order-agnostic
65f80d4 
change name of ChainFormatF
@Bewinxed
fix newlines to \n in siwe parser_test.go
8486014
@Bewinxed
Add standard error templates for SIWS to be consistent with SIWE, reu…
dda10f2 
…se in implementation & testing.
@Bewinxed
siws: move chain verification to fail faster
49bf5ff
@Bewinxed
cleanup work files
0eebb6b
@Bewinxed
add comment to SIWE verifySignature to clarify placement within the v…
8e309b0 
…erification process.
@Bewinxed
gofmt on internal/utilities/siwe/parser.go
6d4cfad
@Bewinxed
pull latest changes and add config.AuditLog to web3 siwe
84ff3cd
@Bewinxed Bewinxed force-pushed the siwe-implementation branch from 4600a97 to 84ff3cd Compare July 16, 2025 10:00
@Bewinxed Bewinxed marked this pull request as ready for review July 16, 2025 10:41
@Bewinxed Bewinxed requested a review from a team as a code owner July 16, 2025 10:41
@coveralls
Copy link

Pull Request Test Coverage Report for Build 16317115832

Details

  • 279 of 312 (89.42%) changed or added relevant lines in 6 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.3%) to 70.48%
Changes Missing Coverage Covered Lines Changed/Added Lines %
internal/utilities/siwe/parser.go 139 146 95.21%
internal/api/web3.go 90 116 77.59%
Totals Coverage Status
Change from base Build 16138358707: 0.3%
Covered Lines: 11768
Relevant Lines: 16697
💛 - Coveralls

hf pushed a commit to supabase/auth-js that referenced this pull request Jul 23, 2025
@Bewinxed
feat: add sign in with ethereum to signInWithWeb3 (#1082)
483e24b 
## What kind of change does this PR introduce?

This PR adds SIWE (Sign-In-With-Ethereum) support to auth-js, related to
[this PR on /auth](supabase/auth#2069)

## What is the current behavior?

Multiple providers & SIWS (Solana) supported

## What is the new behavior?

Add SIWE (Ethereum) support.

## Additional context

The types are inspired by the the [viem](https://viem.sh/) library,
which has minimal & modern types, but they were simplified and copied
over to the local code to remove dependency on it.
@hf hf changed the title feat: implement Sign-In with Ethereum (SIWE) authentication support feat: add sign in with ethereum Jul 24, 2025
@hf hf merged commit 079b242 into supabase:master Jul 24, 2025
6 checks passed
@github-actions github-actions bot mentioned this pull request Jul 24, 2025
Merged
cemalkilic pushed a commit that referenced this pull request Aug 6, 2025
@github-actions
chore(master): release 2.178.0 (#2083)
dbaccd4 
🤖 I have created a release *beep* *boop*
---


##
[2.178.0](v2.177.0...v2.178.0)
(2025-08-05)


### Features

* add sign in with ethereum
([#2069](#2069))
([079b242](079b242))
* add support for managing SSO providers by resource_id
([#2081](#2081))
([5ca4489](5ca4489))
* log all audit events separately to prevent missing events
([#2086](#2086))
([3b666f5](3b666f5))
* skip nonce check for Facebook Limited Login auth
([#2082](#2082))
([f1b15ff](f1b15ff))
* support ledger solana offchain message signing
([#2093](#2093))
([4c94443](4c94443))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
cemalkilic pushed a commit that referenced this pull request Aug 7, 2025
@Bewinxed @cemalkilic
feat: add sign in with ethereum (#2069)
355246b 
Adds Sign in with Ethereum. Configure it by:

```
GOTRUE_EXTERNAL_WEB3_ETHEREUM_ENABLED="true"
GOTRUE_EXTERNAL_WEB3_ETHEREUM_MAXIMUM_VALIDITY_DURATION="10m"
```

SIWS & SIWE are based off of EIP-4361, which is referenced here:
https://eips.ethereum.org/EIPS/eip-4361, so they are close in
implementation with slight differences between address/signature
verification format & algorithm.

For Ethereum, specifically the signature verification part, It requires
recovering the public address from the signature, and then testing the
signature against it, with the algorithm Ethereum uses, this is tedious
to implement without using the https://github.com/ethereum/go-ethereum
package, as the verification has some error correction that it does,
would be hard to test/maintain without the dependency, let me know what
you think.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hf hf hf approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Bewinxed @coveralls @hf