Skip to content

Latest commit

 

History

History
101 lines (82 loc) · 3.63 KB

File metadata and controls

101 lines (82 loc) · 3.63 KB
title Sign-In with Solana (SIWS) - MetaMask Connect
sidebar_label Sign in with Solana
description Implement Sign-In with Solana (SIWS) authentication in your dapp using MetaMask Connect, with domain binding and phishing protection.
keywords
sign in with solana
SIWS
solana authentication
domain binding
offchain auth
metamask
solana login

Sign in with Solana

Sign-In with Solana (SIWS) lets users sign in to your dapp by authenticating with their MetaMask wallet, instead of a traditional username and password.

Sign-in with Solana request

Domain binding

MetaMask supports domain binding with SIWS to help prevent phishing attacks. When a site asks a user to sign a SIWS message, but the domain in the message doesn't match the site the user is on, MetaMask displays a warning in the sign-in interface. The user must explicitly select to proceed, accepting the risk of a phishing attack.

:::caution important MetaMask displays a prominent warning for mismatched domains, but does not block users from bypassing the warning and accepting the sign-in request. This avoids breaking existing dapps that may have use cases for mismatched domains. :::

MetaMask Sign-In with Solana domain mismatch warning
MetaMask Sign-In with Solana domain mismatch detailed warning popup

Example

The following example shows how to set up SIWS with MetaMask using solana:signMessage:

import { createSolanaClient } from '@metamask/connect-solana'

const solanaClient = await createSolanaClient({
  dapp: {
    name: 'My Solana Dapp',
    url: window.location.origin,
  },
})

const wallet = solanaClient.getWallet()
const { accounts } = await wallet.features['standard:connect'].connect()

const siwsSign = async siwsMessage => {
  try {
    const message = new TextEncoder().encode(siwsMessage)
    const [{ signature }] = await wallet.features['solana:signMessage'].signMessage({
      account: accounts[0],
      message,
    })
    siwsResult.innerHTML = signature
  } catch (err) {
    console.error(err)
    siwsResult.innerHTML = `Error: ${err.message}`
  }
}

siws.onclick = async () => {
  const domain = window.location.host
  const from = accounts[0].address
  const siwsMessage = `${domain} wants you to sign in with your Solana account:\n${from}\n\nI accept the MetaMask Terms of Service: https://community.metamask.io/tos\n\nURI: https://${domain}\nVersion: 1\nChain ID: 5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp\nNonce: 32891757\nIssued At: 2021-09-30T16:25:24.000Z`
  siwsSign(siwsMessage)
}

The following HTML displays the SIWS button:

<h4>Sign-In with Solana</h4>
<button type="button" id="siws">Sign-In with Solana</button>
<p class="alert">Result:<span id="siwsResult"></span></p>

See the JavaScript quickstart for a complete working example.

Next steps