A closer look at a new login feature from StakeNow enabling users to utilize their Tezos accounts to sign in to services and decentralized applications (dApps).

We’re all probably familiar with traditional sign-in methods like Google, Facebook, etc. We click sign in, and we may get a message asking questions about collected data. Then, we’re logged in.

We should also have the same experience with blockchain services and dApps. Using the standards widely adopted by solutions such as Sign-in-With-Ethereum, SIWT enables builders to incorporate the same feature into their dApps and services. Having a one-click sign-in is a pretty convenient feature.

Let’s explore SIWT and how you can get started using it today.

What is SIWT?

SIWT is a library that simplifies access control for developers and users, supporting the development of Tezos-based dApps and services. SIWT allows users to authenticate by proving they own the private key corresponding to their Tezos address by signing a message, which the dApp verifies to grant access.

SIWT can also add permissions based on on-chain data, such as tez holdings or specific transaction histories. This allows dApps to control access to APIs or backend services based on on-chain Tezos data. This can expand to other things such as NFT holdings, allow-lists for an upcoming mint, and more.

Several sites have already implemented SIWT with the Discourse plugin. If you visit the Tezos Agora forum, you can sign in with your Tezos wallet.

After clicking the “Sign-in with Tezos” option, you’ll be taken to a screen where four boxes hover over the option to continue the process. Don’t worry about those boxes; this is a CSS glitch that will be updated in the coming days. Clicking “Sign-in with Tezos” once more will open a Beacon auth window, where you choose the Tezos wallet you use.

After doing so, you’ll be redirected to your wallet of choice. In my case, I used Kukai. You’ll be prompted to sign some messages, and as you create a new account, you’ll be directed to enter your email and other details, such as a username or optional full name. Upon completing these items and clicking “sign up,” you can now sign in with Tezos on Tezos Agora!

Sign-in with Tezos is also available on Teia’s forum. You can follow the steps above to create an account and sign in with your Tezos wallet. If you already have an account on Tezos Agora, you can follow the same process, except that you start from your preferences, under the summary page of your profile. This option will be visible as “SIWT” under associated accounts.

Chain Agnostic Standardization and Compliance

As users, we may feel there’s not a lot going on in a flow like the one shown above. Sign in and enter a few details for forum access, and that’s about it, right? That would be quite far from the truth.

The StakeNow team and Klas Harrysson of Kukai are behind a new TZIP (Tezos Improvement Proposal), TZIP-33. TZIPs play an essential part in virtually any component of the Tezos ecosystem that does not affect the network itself. Changes that do affect the network would fall under a protocol upgrade. TZIPs affect complementary parts of the Tezos ecosystem, particularly new features, specifications, or standards.

The new TZIP, currently in draft status, describes the motivation and workflow for SIWT. One of the primary pieces to showcase here is how SIWT is adapted from much of the legwork done with Sign-in with Ethereum, EIP-4361. Chain-agnostic standards such as CAIP-122, in particular, were an important part of SIWT.

Roy Scheeren of StakeNow shared a few words about this with me in a chat.

This basically describes what the sign-in message should look like. What they tried to do is set a certain set of standards amongst all blockchains, enabling consistency. For message signing, about 95–98% of what Sign-in with Ethereum had researched has been taken as the standard. So we took the Tezos-specific things and made an improvement proposal that is Tezos-specific and adheres to all the chain-agnostic standards.

What we’ve essentially done is make a proof of concept of how you can use OIDC with Sign-in with Tezos. OIDC is a standardized flow for secure authentication and authorization. If you’ve used Google, GitHub, or Microsoft accounts, all of them provide their own sign-in options. Many of these providers will provide an OIDC flow, so if you have a provider, you can use the exact same flow, structure, and securities that come with it.

The StakeNow team has selected Ory Hydra as their OIDC provider. This provider is being used to provide a proof of concept, which you can see live on their main site. Head to the site, click “Sign-in with OIDC” and begin using the PoC. Simply choose the Tezos wallet you use from the beacon auth window that populates. After connecting your Tezos wallet, you’ll be prompted to sign a message on the screen and within the Tezos wallet. After that, you can now “complete sign in” and finish the OIDC PoC!

If you want to implement secure message signing for your dApp/service, you can integrate SIWT today. However, as mentioned above, if you want a standardized auth flow, you will also need an OIDC provider. You can still use SIWT without one: implementing a signature following CAIP standards can be done without the requirement of OIDC. The functionality to integrate SIWT for client/server-side authentication has been there for some time; these standards and frameworks take it a step further than when I previously wrote about it in Introducing Sign In With Tezos (SIWT) from StakeNow.

Regarding implementing chain agnostic standards such as CAIP-122, we can see how other builders in the ecosystem have built their own solutions and could benefit from having such standards around message signing. For instance, if you sign a message on OBJKT, you may notice that the message you must sign on fx(hash) looks different. The ecosystem could benefit from aligning with these chain-agnostic standards across dApps and NFT marketplaces.
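
What a standardized sign-in message lets the verifying side check, as an added example (not code from SIWT, StakeNow or TZIP-33): it parses a constructed message and rejects a wrong domain, a replayed nonce or an expired message. The layout follows the EIP-4361 template; the Tezos header wording, forum.example, the address placeholder and the function names are assumptions.

```javascript
// Added example, not SIWT library code. The message is constructed; its layout
// follows the EIP-4361 template, and the "Tezos" header wording is an assumption.
const SAMPLE_MESSAGE = [
  'forum.example wants you to sign in with your Tezos account:',
  'tz1-constructed-placeholder-address',
  '',
  'Sign in to the forum.',
  '',
  'URI: https://forum.example/login',
  'Version: 1',
  'Nonce: k3Jx9QmZ2pLr',
  'Issued At: 2024-01-01T12:00:00Z',
  'Expiration Time: 2024-01-01T12:05:00Z',
].join('\n');

// Split the message into the header, the address and the tagged fields.
function parseSignInMessage(text) {
  const lines = text.split('\n');
  const header = /^(\S+) wants you to sign in with your (.+) account:$/.exec(lines[0]);
  if (!header || !lines[1]) throw new Error('malformed sign-in message');
  const fields = { domain: header[1], chain: header[2], address: lines[1] };
  // Tagged fields follow the last blank line, so statement text cannot spoof them.
  for (const line of lines.slice(lines.lastIndexOf('') + 1)) {
    const m = /^([A-Za-z ]+): (.+)$/.exec(line);
    if (!m || m[1] in fields) throw new Error('bad or duplicate field: ' + line);
    fields[m[1]] = m[2];
  }
  return fields;
}

// Checks a verifier applies to the parsed fields, alongside signature verification.
// Requiring an expiration time is this example's policy choice.
function validateSignIn(fields, { expectedDomain, issuedNonces, now }) {
  const errors = [];
  if (fields.domain !== expectedDomain) errors.push('domain mismatch');
  let uriHost = null;
  try { uriHost = new URL(fields.URI).host; } catch { /* invalid URI */ }
  if (uriHost !== expectedDomain) errors.push('uri mismatch');
  if (!issuedNonces.has(fields.Nonce)) errors.push('unknown or reused nonce');
  if (!(Date.parse(fields['Issued At']) <= now)) errors.push('issued in the future');
  if (!(Date.parse(fields['Expiration Time']) > now)) errors.push('expired');
  if (errors.length === 0) issuedNonces.delete(fields.Nonce); // nonces are single use
  return errors;
}
```

These checks bind a signed message to one site and one login attempt; they complement verification of the wallet signature and do not replace it.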

Final Thoughts

Expanding on their previous work, StakeNow has implemented standardization around SIWT with CAIP-122 and the authorship of a new TZIP, TZIP-33. You can implement secure message signing for your dApp/service today. Make sure to enable SIWT on the Tezos Agora or Teia forum, or head over to their documentation and start integrating SIWT today!

A Closer Look At Sign-in With Tezos (SIWT) was originally published in Tezos Commons on Medium, where people are continuing the conversation by highlighting and responding to this story.