Release 2.0.3 #76

Merged
merged 6 commits into from
May 11, 2022

@w4ll3 w4ll3 commented May 11, 2022

This updates the library to have a consistent behaviour of SIWE message parsing, creation and verification. For message parsing, siwe-parser is used. It enables domain, nonce and time-based verification. Time-based means that it is now possible to check the not-before and expiration-date from the SIWE message properties against a given time.

This update introduces the following breaking changes and implements more strict checks from the EIP-4361 specification:

  • validate(…) was renamed to validateMessage() and now is private. Use verify(…) instead, which enforces signature verification and allows for domain, nonce or time-based verification.
  • ethers became a peer dependency.
  • EIP-55 validation of EIP-155 is enforced; non-EIP-155 messages are considered invalid.
  • removed type and signature properties from SiweMessage
  • not-before message field is now being checked
  • the verify(params, provider) function takes an object as params defined as:
export interface VerifyParams {
    /** Signature of the message signed by the wallet */
    signature: string;

    /** RFC 4501 dns authority that is requesting the signing. */
    domain?: string;

    /** Randomized token used to prevent replay attacks, at least 8 alphanumeric characters. */
    nonce?: string;

    /** ISO 8601 datetime string of the current time. */
    time?: string;
}

So to migrate to the newest version change validate(signature) to verify({ signature: signature }).

  • the new verify(...) function now returns an object SiweResponse defined as:
export interface SiweResponse {
    /** Boolean representing if the message was verified with success. */
    success: boolean;

    /** If present `success` MUST be false and will provide extra information on the failure reason. */
    error?: SiweError;

    /** Original message that was verified. */
    data: SiweMessage;
}

So instead of try catch blocks, just check if success is true, and if false check for error. data will always be the message verified.

This update introduces more granular error types in case verification or message parsing failed:

  • EXPIRED_MESSAGE
  • INVALID_DOMAIN
  • DOMAIN_MISMATCH
  • NONCE_MISMATCH
  • INVALID_ADDRESS
  • INVALID_URI
  • INVALID_NONCE
  • NOT_YET_VALID_MESSAGE
  • INVALID_SIGNATURE
  • INVALID_TIME_FORMAT
  • INVALID_MESSAGE_VERSION
  • UNABLE_TO_PARSE
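
The optional domain, nonce and time checks described in this comment, modelled as an added stand-alone example (not code from this pull request or from the siwe library). The field names and the `checkBindings` helper are assumptions, the error names are the ones listed above, and signature verification is left out.

```typescript
// Added example: a stand-alone model of the optional checks, not the siwe library's code.
type SiweErrorType = "DOMAIN_MISMATCH" | "NONCE_MISMATCH" | "EXPIRED_MESSAGE"
  | "NOT_YET_VALID_MESSAGE" | "INVALID_TIME_FORMAT";

// Subset of SIWE message fields relevant to these checks (field names assumed).
interface MessageFields {
  domain: string;
  nonce: string;
  notBefore?: string;       // ISO 8601
  expirationTime?: string;  // ISO 8601
}

// Mirrors the optional fields of VerifyParams; the signature check is out of scope here.
interface BindingParams { domain?: string; nonce?: string; time?: string; }

interface CheckResult { success: boolean; error?: SiweErrorType; data: MessageFields; }

function checkBindings(msg: MessageFields, params: BindingParams): CheckResult {
  const fail = (error: SiweErrorType): CheckResult => ({ success: false, error, data: msg });

  // Each binding check runs only when the caller supplies the expected value.
  if (params.domain !== undefined && params.domain !== msg.domain) return fail("DOMAIN_MISMATCH");
  if (params.nonce !== undefined && params.nonce !== msg.nonce) return fail("NONCE_MISMATCH");

  // Compare the validity window against the supplied time, or the current time if none is given.
  const now = params.time !== undefined ? Date.parse(params.time) : Date.now();
  if (Number.isNaN(now)) return fail("INVALID_TIME_FORMAT");
  if (msg.expirationTime !== undefined && now >= Date.parse(msg.expirationTime)) return fail("EXPIRED_MESSAGE");
  if (msg.notBefore !== undefined && now < Date.parse(msg.notBefore)) return fail("NOT_YET_VALID_MESSAGE");

  // As in SiweResponse, data always carries the message that was checked.
  return { success: true, data: msg };
}

// Constructed sample: a message issued for example.com with a one-hour validity window.
const sample: MessageFields = {
  domain: "example.com",
  nonce: "k3Jf9sPq2LmX",
  notBefore: "2022-05-11T15:00:00Z",
  expirationTime: "2022-05-11T16:00:00Z",
};
const at = "2022-05-11T15:30:00Z"; // constructed "current time" inside the window
```

In this model, omitting `domain` and `nonce` skips those checks, so a server that wants them passes its own domain and the nonce it issued for the session.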


@skgbafa skgbafa left a comment

The changes look good to me. Ran the package and tests locally, successfully.

@w4ll3 w4ll3 marked this pull request as ready for review May 11, 2022 15:01
@w4ll3 w4ll3 requested review from awoie and wyc May 11, 2022 15:01

@awoie awoie left a comment

have we made sure to update README.md accordingly? otherwise looks good.

w4ll3 commented May 11, 2022

> have we made sure to update README.md accordingly? otherwise looks good.

Not really sure what changes would be needed for the README

@w4ll3 w4ll3 requested a review from awoie May 11, 2022 18:24

@awoie awoie left a comment

lgtm

@w4ll3 w4ll3 merged commit 7a5dd34 into main May 11, 2022
@w4ll3 w4ll3 deleted the release/2.0.3 branch May 11, 2022 19:02