Oasis uses smart contract wallets to connect to Dapps. It requires Dapps to have a signature verification implementing the EIP-1271 standard. Having smart wallets solutions shown in your WalletConnect modal doesn’t mean it is functional. The following explanations intend to help standardise sign-in methods in web3, it is not specific to Oasis product but to any smart wallet solution.
It consists of 3 steps:
Sign-In with Ethereum is a proposal for a method of authenticating with off-chain services using Ethereum accounts. It describes a standard message format that includes parameters such as scope, session details, and security mechanisms (e.g., a nonce). The proposal aims to provide a self-custodied alternative to centralised identity providers, improve interoperability across off-chain services for Ethereum-based authentication, and provide wallet vendors with a consistent machine-readable message format to improve user experiences and consent management.
In this method, users would sign a message using their Ethereum account private key, and the off-chain service would verify the signature using the corresponding public key. The signed message would contain a nonce to prevent replay attacks, and additional data such as the scope of the authentication and session details. By using this method, users maintain control over their digital identity, and the off-chain service does not need to store any user information.
Externally Owned Accounts (EOA) can sign messages with their associated private keys, but currently contracts cannot. We propose a standard way for any contracts to verify whether a signature on a behalf of a given contract is valid. This is possible via the implementation of a isValidSignature(hash, signature)
function on the signing contract, which can be called to validate a signature.
One example of an application that requires signatures to be provided would be decentralized exchanges with off-chain orderbook, where buy/sell orders are signed messages. In these applications, EOAs sign orders, signaling their desire to buy/sell a given asset and giving explicit permissions to the exchange smart contracts to conclude a trade via a signature. When it comes to contracts however, regular signatures are not possible since contracts do not possess a private key, hence this proposal.
import { ethers } from 'ethers';
import { SiweMessage } from 'siwe';
const domain = window.location.host;
const origin = window.location.origin;
const provider = new ethers.providers.Web3Provider(window.ethereum);
const signer = provider.getSigner();
function createSiweMessage (address, statement) {
const message = new SiweMessage({
domain,
address,
statement,
uri: origin,
version: '1',
chainId: '1'
});
return message.prepareMessage();
}