A key feature of Web3 is its blockchain-based identity layer, which gives users complete control over their Web3 identity and lets them authenticate using Web3 wallets. In the more conventional Web2 ecosystem, by contrast, users have had to rely on centralized identity providers. That model creates single points of failure, so personal data can be compromised if a data breach occurs. It also provides a worse user experience, as individuals need to keep track of multiple login credentials for different websites and applications. This is why the EIP-4361 standard was introduced: it allows users to sign in with Ethereum on more conventional Web2 platforms as well. Because the concept bridges the gap between Web2 and Web3, this article will dive deeper into EIP-4361 and explain what the standard entails!
In addition to explaining the intricacies of EIP-4361, we will take a closer look at how you can implement this standard using Moralis. Moralis’ authentication solution implements EIP-4361. Furthermore, the API allows you to authenticate users with several methods. As such, if you want to learn more about EIP-4361 and Web3 authentication, follow along as we explore these concepts further in this article.
Moreover, Web3 authentication is only one instance in which Moralis comes in handy. You also have the ability to implement Web3 syncs and Web3 webhooks quickly and easily when working with the platform. As a result, Moralis allows you to create sophisticated Web3 projects with ease. What’s more, Moralis is integrable with any backend!
So, if you would like to create dapps (decentralized applications) and become a blockchain developer, sign up with Moralis now. You can set up your account with just a few clicks, and it is entirely free to get started!
What is an EIP (Ethereum Improvement Proposal)?
Before exploring the intricacies of EIP-4361, it helps to look at the concept of “EIPs”. So, we will begin by answering the question “what is an EIP?”.
“EIP” is an abbreviation for “Ethereum improvement proposal”. As the name suggests, EIPs are improvement proposals for the Ethereum network. They are essentially documents put forward by members of the Ethereum community, containing suggestions for network and smart contract improvements. Once a community member submits a proposal, a team of editors revises the proposal and decides whether to update the protocol or not.
EIPs generally follow a structure similar to that of research papers. Accordingly, they have an abstract, a motivation (the underlying reasons for the proposed change), and a technical specification. In addition to these elements, EIPs should include information about backward compatibility, test cases, security considerations, and rationale.
All members of the Ethereum community can write, propose, and submit EIPs to GitHub. Community members and Ethereum enthusiasts then discuss the suggestions and provide constructive feedback to the author. A team of editors later revises these EIPs and ultimately decides if the network should adopt the changes. An example of a proposal could be the implementation of the ERC-20 token standard. However, EIPs are not exclusively limited to token standards and can relate to other elements of the Ethereum blockchain.
Now, with a more profound understanding of EIPs and how they come to be, we are going to explore a particular proposal, namely EIP-4361, also known as “Sign-In with Ethereum”!
What is EIP-4361?
EIP-4361 specifies how Ethereum accounts authenticate with off-chain services. Authentication occurs by signing a standard message format parameterized with session details, security mechanisms, and scope. The goal of EIP-4361 is to provide a self-custodial alternative to centralized identity providers. This can improve interoperability across off-chain services for authentication mechanisms based on Ethereum. In addition, it gives Web3 wallet vendors a predictable and consistent message format, improving content management and user experiences.
Put simply, EIP-4361 is a standard for authentication that enables users to access various resources and websites on the internet using their Ethereum account. As a result, they will no longer need to rely on more traditional authentication providers such as Facebook (now Meta), Google, etc.
As such, it is a standard for off-chain authentication for Ethereum-based accounts to create sessions. This provides an opportunity for a more unified Web2 identification layer which can benefit customers and businesses by creating more seamless user experiences.
If you want to know more about the details and technical specifications, we suggest you take a closer look at the EIP-4361 proposal in the official documentation. This takes you deeper into the intricacies of how Sign-In with Ethereum works and some examples to illustrate the standard in action.
Nonetheless, before we look closer at why EIP-4361 is essential, we will briefly cover “SIWE”, as you might have stumbled across this term while exploring Sign-In with Ethereum.
What is SIWE?
If you have been searching for EIP-4361, you might have come across the term “SIWE”. So, what is SIWE? In short, SIWE, short for “Sign-In with Ethereum”, is a developer term referring to EIP-4361. Hence, if you see any reference to SIWE, you can simply regard it as synonymous with EIP-4361 Sign-In with Ethereum functionality.
Now that we know what EIP-4361 entails and that it allows users to sign in with Ethereum on Web2-based projects, we can closely examine why the standard is essential!
Why is EIP-4361 Important?
From a historical perspective, web applications, websites, and mobile apps – not built on a decentralized blockchain – have relied on identity providers with centralized control over user data. An example here is Facebook (now Meta). Facebook provides a login to a user profile and access to their services. In return, you agree to provide data that they can use to track you, serve you ads and consequently influence your consumer decisions. Accordingly, that’s why businesses such as Facebook and Google can offer their services “free of charge”.
However, this centralized identity system based on usernames and passwords has been problematic in some instances. Centralization brings inherent single points of failure, which makes organizations and user data vulnerable to data breaches. What’s more, as most organizations are separate entities, there is no unified identity layer, so users need to keep track of several different logins, negatively affecting user experiences.
This is where EIP-4361 enters the picture, allowing you to sign in with Ethereum on projects built off-chain. As such, this standard eliminates uncertainties about data breaches, digital footprints, etc. Moreover, EIP-4361 is powered by blockchain technology and designed with decentralization at its core. As a result, EIP-4361 allows for a unified identification system for Web2 and Web3, bridging the gap between the spaces.
Because EIP-4361 allows users to sign in with Ethereum on conventional Web2 applications and thereby contributes to a unified identification system, it can positively influence enterprise models. It will remove unnecessary onboarding friction, allowing users to access businesses’ services easily. In addition, since it provides a more seamless user experience for both Web2 and Web3, it also results in a more compelling user experience over the complete ecosystem. This can contribute to more satisfied customers and significantly help brands grow!
Sign In with Ethereum Through the Moralis Auth API
Moralis is the easiest and most accessible way to implement Web3 authentication functionality into your projects. Furthermore, Moralis’ authentication solution is an implementation of EIP-4361, or SIWE. It does not matter whether you are creating a new Web3 application, want to connect an existing Web3 database using Web3 auth, or are looking to leverage authentication aggregators for your enterprise’s auth flow; Moralis can aid in all these situations.
From a conventional perspective, you had to redirect users to third-party authentication interfaces, discover how wallets work on the various chains, assume responsibility for the security associated with auth solutions, etc. With Moralis’ Auth API, you can avoid all these cumbersome tasks and implement authentication mechanisms more seamlessly.
Moralis provides a comprehensive SDK, compatibility with aggregators such as Auth0, and a unified API for all Web3 auth methods. Moreover, as new wallets, chains, and authentication methods emerge, Moralis implements support for these on an ongoing basis. As a result, Moralis provides future-proof authentication flows, consequently making your applications fit for the long term.
Furthermore, Moralis bridges the gap between Web2 and Web3 by combining the accessibility of Web2 development and the power of Web3 technology. As such, you can offer your users the fastest and most straightforward way to sign up with Ethereum. Moreover, you can implement Web3 authentication with only a single code snippet. This allows you to allocate less time toward complex integrations and focus on creating more compelling customer experiences. So, if you decide to work with Moralis’ Auth API, you can eliminate unnecessary onboarding friction and future-proof your authentication flows for existing Web2 applications or new blockchain projects!
Now that we have explored Moralis’ authentication API, we can look closely at some of Moralis’ EIP-4361 authentication alternatives!
Moralis’ EIP-4361 Authentication Alternatives
Moralis’ Auth API supports several chains and provides many options to choose from when it comes to Web3 authentication. However, before exploring the different alternatives, we will briefly cover the authentication process when working with Moralis’ Auth API:
- Your client requests a sign-in challenge.
- Your server then requests a challenge from Moralis’ Auth API, which the server passes to the client.
- The message is signed by the client, which, in turn, gives it to your server for verification.
- Your server utilizes Moralis to verify the challenge.
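As an added example (not Moralis’ code or API), this Node.js code builds the EIP-4361 message for a challenge and runs the server-side field checks on the message the client returns: domain binding, single-use nonce, and expiry. The function names and the in-memory nonce store are assumptions; signature recovery, which the flow above hands to Moralis, is not included.

```javascript
const { randomBytes } = require('node:crypto');

const issued = new Map(); // nonce -> server-side expiry (ms); in-memory store is an assumption

// Build the EIP-4361 plaintext message that the wallet displays and signs.
function issueChallenge({ domain, address, uri, chainId, ttlMs = 5 * 60_000, now = Date.now() }) {
  const nonce = randomBytes(16).toString('hex'); // EIP-4361: at least 8 alphanumeric chars
  issued.set(nonce, now + ttlMs);
  return [
    `${domain} wants you to sign in with your Ethereum account:`,
    address,
    '',
    'Sign in to the example app.', // statement (constructed)
    '',
    `URI: ${uri}`,
    'Version: 1',
    `Chain ID: ${chainId}`,
    `Nonce: ${nonce}`,
    `Issued At: ${new Date(now).toISOString()}`,
    `Expiration Time: ${new Date(now + ttlMs).toISOString()}`,
  ].join('\n');
}

// Parse the header line, the address, and the "Key: value" fields (simplified; no EIP-55 check).
function parseMessage(message) {
  const lines = String(message).split('\n');
  const header = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!header || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '')) return null;
  const fields = {};
  for (const line of lines.slice(2)) {
    const m = /^([A-Za-z ]+): (.+)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  return { domain: header[1], address: lines[1], fields };
}

// Field checks the server runs on the returned message, alongside signature verification.
function checkChallenge(message, { expectedDomain, now = Date.now() }) {
  const msg = parseMessage(message);
  if (!msg) return 'malformed';
  if (msg.domain !== expectedDomain) return 'wrong-domain'; // signed for another site
  if (msg.fields['Version'] !== '1') return 'bad-version';
  const serverExpiry = issued.get(msg.fields['Nonce']);
  if (serverExpiry === undefined) return 'unknown-or-replayed-nonce';
  issued.delete(msg.fields['Nonce']); // single use
  const claimed = Date.parse(msg.fields['Expiration Time']);
  if (!(Math.min(claimed, serverExpiry) > now)) return 'expired';
  return 'ok';
}
```

The nonce is consumed on first use, so a captured message and signature cannot be replayed, and the expiry is checked against the server’s own record rather than only the value in the message.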
Moreover, it is vital to know that, after the Web3 wallet authentication, the next-auth library is responsible for creating a session cookie in the user’s browser. This session contains an encrypted JWT containing an address, message, and expiration time. Hence, a key takeaway is that Moralis’ authentication functionality creates an actual JWT session.
Furthermore, the authentication flow provides you with complete control of everything. The data is sent directly to your backend, allowing you to store it independently. As such, all profiles and identities return to you, and you will not have to depend on a third-party provider for anything regarding Web3 authentication. If you would like more information on the API, check out the complete Moralis Auth API reference.
Nonetheless, here is a list of some of the different authentication alternatives:
- MetaMask
- WalletConnect
- Coinbase Wallet
- RainbowKit
- Magic Auth
If you want to learn more about how Moralis’ Web3 authentication works, we recommend reading the following articles. The first one illustrates how to add Coinbase Wallet login functionality, and the second one demonstrates how you can add a sign-in with RainbowKit to your project in just five steps!
Exploring EIP-4361 – Summary
This article explored the intricacies of EIP-4361 and what the standard entails. EIP-4361 is an Ethereum improvement proposal that sets a standard for Web3 authentication for services off-chain. This presents an opportunity for developers to create a unified identity layer for both Web2 and Web3 websites and applications. As such, it has the potential to remove onboarding friction and provide a more compelling user experience. These are two factors benefiting both users and enterprises.
What’s more, in addition to exploring EIP-4361, we took a closer look at Moralis’ Auth API. Web3 authentication becomes more accessible when working with Moralis as the platform allows you to implement future-proof authentication flows for all future projects with only single snippets of code. Moreover, Moralis’ authentication alternatives are implementations of the EIP-4361 standard!
If you have further interest in the Web3 development space, we highly recommend checking out other content here at Moralis’ Web3 blog. You can, for example, read up on the ultimate NodeJS EVM API, Moralis’ NodeJS SDK for Web3, or blockchain syncs!
In addition, consider checking out Moralis Academy if you want to become more proficient in blockchain development. The academy offers a selection of amazing blockchain courses for both beginners and more experienced developers. For example, if you are new to the space, make sure to learn the basics with the “Blockchain & Bitcoin 101” course. As such, you are only moments away from becoming blockchain certified with Moralis Academy!
Nonetheless, if you are a Web3 developer, sign up with Moralis and make your development processes more accessible. Creating an account is free and only takes a couple of seconds!