This documentation section will dive deep into implementing the Sign-in with Near Protocol(SIWN). For more details about the concept Sign in With X (SIWx), CAIP-122.
Sign-In with Near Protocol describes how Near accounts authenticate with off-chain services by signing a message parameterized by scope, nonce, etc. It is an alternative to centralized identity providers. It is based on the self-custody of your identity. It leverages the on-chain authentication model to off-chain services.
The reason behind implementing the concept Sign-In with Near is that it is a critical step in the Login with NFTs concept. Before granting access to some services based on the ownership of some NFTs, we need to check two main aspects:
You own an account via Sign with Near.
Verify that the account has an NFT in a specified collection.
An account in Near is linked to the ownership of a private key which is then mapped to his public key. The hash of the public key outputs an address.
The IDP Kit implements SIWN based on seven main steps:
Nonce generation.
Redirection to the IDK Kit wallet user interface.
Connect to your Near wallet.
A popup appears for signing the message. It is based on multiple factors like the nonce generated by the IDP Kit, account address, etc.
Click the “Sign” button.
Redirection to the IDK Kit verification service.
The IDP Kit verifies the message signature based on the account address.
The message will be in the form of:
{domain} wants you to sign in with your Near account: {address}. Public Key: {publicKey}.Date: {ISO8601formatedTimestamp}. {description} URI: {origin}. Version: {versionNumber}. Nonce: {nonce}
domain: is the RFC 3986 authority that is requesting the signing.
Permissions.address: account address.
Public Key : account public key.
Date: is the ISO 8601 datetime string of the current time.
Nonce:security parameter generated by the IDP Kit.