Workflow

Siwe

Latest version: v4.4.0

Safety actively analyzes 681881 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 2

2.0

Instead of `validate(...)`, SIWE 2.0 uses `verify(params, opts)`. The `verify` function accepts the primary argument `params`, which satisfies the following interface:
typescript
export interface VerifyParams {
/** Signature of the message signed by the wallet */
signature: string;

/** RFC 4501 dns authority that is requesting the signing. */
domain?: string;

/** Randomized token used to prevent replay attacks, at least 8 alphanumeric characters. */
nonce?: string;

/**ISO 8601 datetime string of the current time. */
time?: string;
}


The `opts` argument contains the options which dictate how the verification should proceed, namely:
typescript
export interface VerifyOpts {
/** ethers provider to be used for EIP-1271 validation */
provider?: providers.Provider;

/** If the library should reject promises on errors, defaults to false */
suppressExceptions?: boolean;
}


Finally, the `verify(...)` function returns an object of type `SiweResponse` defined as:
typescript
export interface SiweResponse {
/** Boolean representing if the message was verified with success. */
success: boolean;

/** If present `success` MUST be false and will provide extra information on the failure reason. */
error?: SiweError;

/** Original message that was verified. */
data: SiweMessage;
}


With the `suppressExceptions` option above, a `SiweResponse` with a populated error will be resolved instead of the promise being rejected, allowing for normal control flow handling. However, by default, promises are rejected to ensure defensive programming practices.

1.1.0

Breaking changes:
- `chainID` field is now an integer instead of a string.

Fixes:
- messages without a statement are now correctly handled.

1.0.0

Not secure
This updates the library version to 1.0.0, with a newly stabilized API.

- Renamed signMessage() to prepareMessage(): Functionality remains the same, but signMessage() is deprecated and will be removed in future releases. It will warn upon usage.
- The SignatureType enum is also deprecated and will be removed in future releases. Type will now be inferred from the version of the message.
- With the removal of the SignatureType enum there will be no use for the field type, which is now deprecated as well and will be removed.
The field signature is deprecated and will be removed in future releases.
- ***BREAKING CHANGE*** The method .validate(provider) now require a new argument signature, which until the removal of the field signature from message will be not required and inferred from it. If this method was being used with a provider as an argument the signature will have to be provided.
- Tests and the Notepad example were updated to work with these changes.

Page 2 of 2

Links

Releases

Has known vulnerabilities

Previous

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.