Sign-in with Algorand (SIWA)

This documentation section will dive deep into implementing the Sign-in with Algorand(SIWA). For more details about the concept Sign in With X (SIWx), CAIP-122.

Sign-In with Algorand Blockchain describes how Algorand accounts authenticate with off-chain services by signing a message parameterized by scope, nonce, etc. It is an alternative to centralized identity providers. It is based on the self-custody of your identity. It leverages the on-chain authentication model to off-chain services.

The reason behind implementing the concept Sign-In with Algorand is that it is a critical step in the Login with NFTs concept. Before granting access to some services based on the ownership of some NFTs, we need to check two main aspects:

  • You own an account via Sign with Algorand.

  • Verify that the account has an NFT in a specified collection.

An account in Algorand is linked to the ownership of a private key which is then mapped to his public key. The hash of the public key outputs an address.

The IDP Kit implements SIWA based on seven main steps:

  1. Nonce generation.

  2. Redirection to the IDK Kit wallet user interface.

    1. Connect to your Algorand wallet.

  3. A popup appears for signing the message. It is based on multiple factors like the nonce generated by the IDP Kit, account address, etc.

  4. Click the “Sign” button.

  5. Redirection to the IDK Kit verification service.

  6. The IDP Kit verifies the message signature based on the account address.

The message will be in the form of:

{domain} wants you to sign in with your Algorand account: {address}. Public Key: {publicKey}.Date: {ISO8601formatedTimestamp}. {description} URI: {origin}. Version: {versionNumber}. Nonce: {nonce}

  • domain: is the RFC 3986 authority that is requesting the signing.

  • Permissions.address: account address.

  • Public Key : account public key.

  • Date: is the ISO 8601 datetime string of the current time.

  • Nonce: security parameter generated by the IDP Kit.

Last updated