Announcing ic-siwe: Use Ethereum wallets to login to IC

I figured it out, i needed to trigger the login like this after the eth wallet authentictation
(note that i created aliasses for isConnected and identity)

useEffect(() => {
	if (isWagmiConnected && prepareLoginStatus === 'success' && !siweIdentity) {
		login();
	}
}, [isWagmiConnected, prepareLoginStatus]);

Now i only get the following error

Body: Failed to authenticate request 0xe8e61072aef5a719597f716ac0d01b7537d5263a58133cb8b73c77b01fb64a13 due to: Canister SOME_CANISTER_ID is not one of the delegation targets

how do i set these delegation targets?

1 Like

Oh it’s on the init on the backend, posted the above question a bit to fast :sweat_smile:

Great to hear! All good then?

The SIWE provider canister needs to be configured with info about for which canisters the delegate identity is valid.

From the Makefile:

deploy-provider:
	dfx deploy ic_siwe_provider --argument "( \
	    record { \
	        domain = \"127.0.0.1\"; \
	        uri = \"http://127.0.0.1:5173\"; \
	        salt = \"salt\"; \
	        chain_id = opt 1; \
	        scheme = opt \"http\"; \
	        statement = opt \"Login to the SIWE/IC demo app\"; \
	        sign_in_expires_in = opt 300000000000; /* 5 minutes */ \
	        session_expires_in = opt 604800000000000; /* 1 week */ \
	        targets = opt vec { \
	            \"$$(dfx canister id ic_siwe_provider)\"; \
	            \"$$(dfx canister id backend)\"; \
	        }; \
	    } \
	)"

targets can also be an empty vec, in that case identity is valid for any canister.

1 Like

For the login part everything is good, now i only need to find i a nice way to make it work with our existing setup, but i’m sure i can make it work.

The empty targets is a nice one to keep in mind!

Appreciate the help

1 Like

Yes, you need to trigger the signature request from the frontend domain listed in the SIWE message. Otherwise warning. Not all wallets do this unfortunately so there still remains a phishing risk with SIWE login in combination with wallets that do not fully support the SIWE protocol.

Why do you need a salt to build the ic-siwe-provider?

The salt is used during the creation of user seeds, together with the ethereum address of calling user and (possibly) the frontend url. Internet Identity uses it the same way.

1 Like

Is there anything additional that you have to do to be able to make authenticated calls?

I implemented an app similar to the ic-siwe-react-demo-ts except for using ic-use-actor. I do receive a delegated identity when calling the hooks provided in the ic-use-siwe-identity package:

const { identity } = useSiweIdentity();

However, when I run ic.caller() in the backend, I still get returned an anonymous principal.

1 Like

If you are not using ic-use-actor then you need to create an authenticated actor yourself. Have you done that?

From the ic-use-actor code:

const agent = new HttpAgent({ identity, ...httpAgentOptions });

if (process.env.DFX_NETWORK !== "ic") {
  agent.fetchRootKey().catch((err) => {
    console.warn(
      "Unable to fetch root key. Check to ensure that your local replica is running"
    );
    console.error(err);
  });
}

const actor = Actor.createActor<typeof context>(idlFactory, {
  agent,
  canisterId,
  ...actorOptions,
});
1 Like