-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release 2.0.3 #76
Release 2.0.3 #76
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes look good to me. Ran the package and tests locally, successfully.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
have we made sure to update README.md accordingly? otherwise looks good.
Not really sure what changes would be needed for the README |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
This updates the library to have a consistent behaviour of SIWE message parsing, creation and verification. For message parsing, siwe-parser is used. It enables domain, nonce and time-based verification. Time-based means that it is now possible to check the not-before and expiration-date from the SIWE message properties against a given time.
This update introduces the following breaking changes and implements more strict checks from the EIP-4361 specification:
validate(…)
was renamed tovalidateMessage()
and now is private. Useverify(…)
instead, which enforces signature verification and allows for domain, nonce or time-based verification.ethers
became a peer dependency.type
andsignature
properties fromSiweMessage
verify(params, provider)
function takes an object asparams
defined as:So to migrate to the newest version change
validate(signature)
toverify({ signature: signature })
.verify(...)
function now returns an objectSiweResponse
defined as:So instead of
try
catch
blocks, just check ifsuccess
istrue
, and iffalse
check forerror
.data
will always be the message verified.This update introduces more granular error types in case verification or message parsing failed: