Thanks to the hard work of Spruce, following their announcement on March 8th, you can now add Sign-in with Ethereum to your Auth0 tenant via their marketplace integration. While the debate rages on the value of cryptocurrencies, non-fungible tokens (NFTs), and decentralized autonomous organizations (DAOs), it’s clear that Web3 technologies have the potential to change the way we authenticate. The Auth0 Lab team has been following Web3 developments closely, and we’re excited to promote this new capability in Auth0.
Adoption
At the end of 2021, crypto.com estimated that 300 million people own some form of cryptocurrency. That means those 300 million crypto users (as well as new ones) need a wallet to hold the private keys allowing them to access their currency.
Diving in, 71 million of those cryptos wallets hold Ethereum. This massive adoption has led to an ecosystem of tools to help users leverage the private keys in their wallets for more than just blockchain transactions.
While many users lean on Metamask for non-custodial software wallets and a gateway for interacting with Web3 DApps, other options are gaining market share. Portis and Torus are other non-custodial wallet competitors.
Coinbase is a popular cryptocurrency exchange that creates custodial wallets on behalf of users to hold on to their cryptocurrencies. With 89+ million verified users, it’s quickly becoming a trusted option. Fortmatic is a custodial wallet just for authentication and gives users access to their private key with a traditional email/password flow that users recognize in web2.
WalletConnect is both a standard and a set of SDKs that help any app connect to any type of Web3 wallet. With over 160 apps listed in its registry, it’s becoming a popular way for developers to get access to users’ wallets.
Transactions on the Ethereum blockchain are also increasingly getting easier to conduct courtesy of tools like the Ethereum Name Service (ENS), which, similar to DNS, maps a unique human-readable name to the underlying machine-readable strings assigned to each wallet/account. This name can be used instead of the public key, and many apps know to find the address by looking at the ENS smart contract with a registry of the associated addresses. With 300k+ users, ENS is a growing trend in the Web3 community that makes it easier for the average person to work with their key.
Sign-in with Ethereum (SIWE)
Ethereum, along with other blockchains that allow for “smart contracts”, allow for additional authentication data to be stored on the blockchain. Non-fungible tokens (NFTs) are already being used to grant access to things like web communities, restaurants, and events. When our Auth0 Lab team started looking into Web3 technologies, we realized that smart contracts could be used to store data for JWT claims, verifiable credentials, and other authorization data. All that’s needed is a signature by the private key to prove the user’s ownership of those rights.
In early December 2021, the Auth0 Lab released a demo of what this could look like using Auth0. It quickly got the attention of Web3 organizations like Metamask and led to a jump into the Auth0 Lab Discord membership, a community open to anyone interested in discussing Auth0 Lab initiatives with the team.
Spruce, which builds decentralized identity tooling and self-sovereign user data storage for Web3 users and organizations, released a sign-in with Ethereum (SIWE) integration on the Auth0 marketplace. Now any Auth0 client can leverage SIWE in their applications.
This activity diagram shows how the oidc.login.xyz server can facilitate authentication. The website in this diagram is an Auth0 application. Like with any OIDC server, Auth0 can augment the data from any additional sources and help manage the JWT. It’s a great way to quickly plug your existing Auth0 application into the growing Web3 user base.
Currently, Metamask, WalletConnect, Fortmatic, Torus, and Coinbase are all supported in the integration.
Adding Sign in With Ethereum to Your Tenant
It only takes minutes to add sign in with Ethereum to your Auth0 tenant!
Step One: Add the Integration from the Marketplace
From https://marketplace.auth0.com/integrations/siwe, with a simple click of “Add Integration” and a quick selection of which tenant you’d like to add the integration to, you can get started with your setup.
Step Two: Obtain a Client ID and Secret
Obtain a Client ID and secret, this can be done with a simple CURL command:
curl -X POST https://oidc.login.xyz/register -d '{"redirect_uris":["https://YOUR_AUTH0_DOMAIN/login/callback"]}'
Step Three: Create the New Social Connection
Login to the Auth0 tenant you selected in Step One and head over to your social connections. A sign-in with Ethereum connection will be on the list:
Step Four: Configure the Social Connection
Accept the access request by clicking “Continue”, and add your Client ID from Step Two. If your application is a Confidential Application, add the Client Secret.
Step Five: Enable the Connection on Your Application
Finally, toggle the connection to on for the application you’re trying to add it to:
That’s it! If you need additional help, review the installation instructions on the integration marketplace page, and you can always join the Spruce discord server.
Future Plans for Sign-in with Ethereum
Sign-in with Ethereum (SIWE) is an open standard, led by Spruce with support from the Ethereum Foundation and ENS. It was built in public over a number of months with the input of security experts, Ethereum community members, and Web3 projects. Spruce will continue to support their existing work on numerous libraries for direct integration and their OpenID Connect Identity Provider Server, which is also open source.
What’s Next?
The Auth0 Lab team is deeply invested in exploring Web3 identity potential. You can follow our progress on Twitter. If you’re interested in speaking with the team, join our discord and start a thread.
The Auth0 Lab team is working on demo features and apps that will show the potential of Web3 identity for Web2 and Web3 orgs alike. We look forward to sharing our experiments, working with you, learning from you, and building awesome things together.
The Auth0 Marketplace is always looking for partners to build new extensions onto Auth0. Visit https://auth0.com/integrate to learn more.