Switchboard Gets a Powerful New Tool: Sign In with Ethereum Now Available!

Energy Web’s IAM stack now supports SIWE authentication for all types of applications, enabling new use cases for developers.

Energy Web

At Energy Web we are strong believers that self-sovereign identity (SSI) is a key enabling technology for the global energy transition. Last year we took an initial step in unlocking the potential for SSI within the energy sector with the release of Switchboard, an enterprise identity and access management (IAM) solution.

Today we are pleased to announce the next step in our journey with the implementation of Sign In With Ethereum (SIWE) in Energy Web’s IAM stack. SIWE is a feature-rich, decentralized authentication mechanism that enables users to log into any web application (not just blockchain-based dApps), set preferences, and manage sessions using their Ethereum address and private key instead of a username and password. Within the Energy Web ecosystem, SIWE offers another way to empower users with greater control over their digital identity and data while strengthening application security and improving user experiences.

SIWE is currently implemented in the Switchboard dev environment, and will be released in production Switchboard in early May 2023.

In this post we will explain why SIWE is being integrated into Switchboard, show how it works, and provide examples of use cases that SIWE unlocks for developers.

Why SIWE for EWC?

An application is only as useful as its ability to verify that users are who they claim to be (and thus grant access to the appropriate systems and accounts). As the sophistication, risks, and consequences of cyberattacks that exploit user credentials have increased, authentication mechanisms have evolved to augment or replace conventional passwords with more robust cryptographic signatures.

SIWE, which was originally proposed as a formal standard in 2021, provides an open-source, standardized framework to securely authenticate users with any web-based services using an existing Ethereum address and private key. Beyond simply enhancing security, SIWE also provides a much more feature-rich login experience by enabling users to set preferences, initiate and resume sessions across time, and log into multiple services with a single set of credentials — all of which are hallmarks of popular single-sign-on identity providers.

SIWE has numerous benefits over other PKI-based signatures, including security and UX improvements:

  • A standard, human-readable, verifiable message to confirm signatures.
  • An EIP-standard message schema that incorporates all the information needed for secure authentication.
  • Verification of the domain and URI, which assures the authenticity of the requester / verifier. Users can validate the domain the transaction was initiated from and the URI to which access would be provided (redirection) upon signing for authentication / authorization.
  • Replay-attack prevention with a nonce, which could be a challenge from a server or a random token.
Sample SIWE Message
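
The message layout and the checks listed above, written out as an added example (not code from Energy Web or passport-did-auth): it parses an EIP-4361 message and applies the domain, URI, nonce and expiry checks on the server. The domain, address, nonce, timestamps and the `expected` policy object are constructed for illustration, and signature recovery is left to a wallet library.

```javascript
// Added example. Constructed sample: domain, address, nonce and times are placeholders.
const SAMPLE = [
  "app.example.org wants you to sign in with your Ethereum account:",
  "0x1111111111111111111111111111111111111111",
  "",
  "Sign in to the example application.",
  "",
  "URI: https://app.example.org/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: k3Jq9XbT72LmPz0a",
  "Issued At: 2023-04-20T10:00:00Z",
  "Expiration Time: 2023-04-20T10:05:00Z",
].join("\n");

// Parse the EIP-4361 text layout into fields; throws on a malformed message.
function parseSiwe(text) {
  const lines = text.split("\n");
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "") || lines[2] !== "")
    throw new Error("malformed header");
  const msg = { domain: head[1], address: lines[1] };
  // The optional statement is line 3; skip it so its text can never pose as a field.
  const start = lines[3] === "" ? 4 : 5;
  for (const line of lines.slice(start)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/.exec(line);
    if (m && !(m[1] in msg)) msg[m[1]] = m[2];
  }
  for (const k of ["URI", "Version", "Chain ID", "Nonce", "Issued At"])
    if (!(k in msg)) throw new Error("missing field: " + k);
  return msg;
}

// Server-side checks to run in addition to (not instead of) verifying the
// EIP-191 signature against msg.address with a wallet library.
function checkSiwe(text, expected, issuedNonces, now) {
  const msg = parseSiwe(text);
  if (msg.domain !== expected.domain) return "domain mismatch";
  if (new URL(msg.URI).origin !== expected.origin) return "uri mismatch";
  if (msg["Chain ID"] !== expected.chainId) return "chain mismatch";
  // delete() returns false for a nonce we never issued or already consumed.
  if (!issuedNonces.delete(msg.Nonce)) return "unknown or replayed nonce";
  const exp = msg["Expiration Time"];
  if (exp && now.getTime() >= Date.parse(exp)) return "expired";
  return "ok";
}
```

Here `issuedNonces` is a `Set` of nonces the server handed out and has not yet seen back, so a second submission of the same signed message fails even though its signature is still valid.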

With all these benefits, SIWE was a logical upgrade for Energy Web’s Switchboard IAM solution. Now any application using Switchboard (or the underlying passport-did-auth v2.0.0 repository) for authentication gets the benefits of SIWE. The diagram below explains how SIWE is currently implemented in Energy Web’s identity stack:

Let's see a quick demo to understand the flow.

Note: The highlighted text from the first MetaMask pop-up for signing is the SIWE message.

How developers can use SIWE with Energy Web’s Solutions

SIWE offers a bridge to leverage Web3 authentication (i.e. signatures from Web3 wallets) in conventional Web2 applications and services. For application developers who want to offer users the option to log in with an Energy Web account, SIWE now enables federated identity management via a single identity service that can be used across multiple services, using OpenID Connect (OIDC) for user session management.

An example of implementing SIWE-OIDC is shown below:

Current scope for SIWE-OIDC

SpruceID has deployed an OpenID Connect Provider (OP) that supports SIWE and is hosted at https://oidc.signinwithethereum.org/. This deployment is a DAO-governed OP supported by ENS DAO. To use the hosted OIDC server, the application must be registered as an OIDC client using the OIDC client registration of https://oidc.signinwithethereum.org/. Currently, no user interface for OIDC client registration is supported, so developers will need to use the REST API.

REST API
Example Response

A client can then be updated or deleted using the registration_client_uri with the registration_access_token as a Bearer token. The authentication could be similar to the following workflow:

Note: This is just one possible flow; it could differ for a different use case. In addition to the functionality already provided by SIWE, future extensions are possible, such as support for Decentralized Identifiers and Verifiable Credentials and support for EIP-712 (typed structured data hashing and signing).
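
The client registration and management requests described above, as an added example (not code from SpruceID or Energy Web). It builds the requests without sending them and assumes the provider follows OIDC Dynamic Client Registration and RFC 7592 (PUT to update, DELETE to remove); the `registration_endpoint` value, client id, token and `/client/...` path are constructed, so read the real endpoint from the provider's discovery document.

```javascript
// Added example. ISSUER is the hosted provider named in the post; the discovery
// values, client id, token and paths below are constructed placeholders.
const ISSUER = "https://oidc.signinwithethereum.org";
const discovery = { issuer: ISSUER, registration_endpoint: ISSUER + "/register" };
const sampleRegistration = {   // shape of a registration response, constructed
  client_id: "00000000-0000-0000-0000-000000000000",
  registration_access_token: "constructed-token",
  registration_client_uri: ISSUER + "/client/00000000-0000-0000-0000-000000000000",
  redirect_uris: ["https://app.example.org/callback"],
};

const sameOrigin = (url, base) => new URL(url).origin === new URL(base).origin;

// Build the client registration request (no network I/O happens here).
function registrationRequest(disc, redirectUris) {
  for (const u of redirectUris) {
    const { protocol, hash } = new URL(u);
    // Policy of this example: HTTPS only, and no fragment (RFC 6749 forbids one).
    if (protocol !== "https:" || hash) throw new Error("rejecting redirect URI: " + u);
  }
  return {
    url: disc.registration_endpoint,
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ redirect_uris: redirectUris }),
  };
}

// Build an update (PUT) or delete (DELETE) request from a stored registration response.
function managementRequest(method, reg, issuer) {
  if (!["PUT", "DELETE"].includes(method)) throw new Error("unsupported method");
  // The access token is a bearer secret: only ever send it to the issuer's origin.
  if (!sameOrigin(reg.registration_client_uri, issuer))
    throw new Error("registration_client_uri is off-origin");
  const req = {
    url: reg.registration_client_uri,
    method,
    headers: { Authorization: "Bearer " + reg.registration_access_token },
  };
  if (method === "PUT") {
    req.headers["Content-Type"] = "application/json";
    req.body = JSON.stringify({ client_id: reg.client_id, redirect_uris: reg.redirect_uris });
  }
  return req;
}
```

Each returned object can be passed to an HTTP client as is; store `registration_access_token` with the same care as a client secret, since it authorizes changing the client's redirect URIs.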

The Energy Web team regularly participates in open-source digital identity initiatives including the W3C Credentials Community Group and Open Wallet Foundation, and we’ll continue to support and adopt new features and frameworks as they become available.

About Energy Web

Energy Web is a global non-profit accelerating the clean energy transition by developing open-source technology solutions for energy systems. Our enterprise-grade solutions improve coordination across complex energy markets, unlocking the full potential of clean, distributed energy resources for businesses, grid operators, and customers. The Energy Web ecosystem comprises leading utilities, renewable energy developers, grid operators, corporate energy buyers, automotive, internet-of-things, telecommunications leaders, and more. More information on Energy Web can be found at www.energyweb.org or follow us on Twitter @EnergyWebX
